Custom auth through Flows?

I have a weird but not totally unique use case. I’m building an edtech app for younger children (ages 5-10). We need to have traditional user profiles, etc.

Some children will be able to use SSO through their school’s identity provider. Their tablet will automatically be logged in, or they have a QR code they can scan, etc., so I can authenticate them no problem.

Other children won’t have that, either because they are using it at a school that doesn’t have an identity provider or because they are using it at home with their parents. In this case, they can’t realistically use a traditional email/password combo. Even if we give them one, they won’t be able to remember it or type it in.

It’s very common among edtech apps for children to instead have a “class code”, a 4- or 6-character string, that brings up a screen with profile pictures of all the kids in the class. Kids can then click on their profile picture and proceed. It’s a generally accepted risk that a student might click on the wrong profile.

Is there a way I can build a custom auth for that? Perhaps through a Flow?

This can be done!
The technical flow would be something like this:

  1. A user fills in his email address
  2. The frontend calls a custom endpoint that generates the PIN and updates it to the user
    2a. This would also send the email itself
  3. Your frontend would ask the user for the PIN
  4. The user would click on a button that does the following:
    4a. Validate the PIN
    4b. You generate a user session (create a record inside of the directus_sessions table) and give back the refresh_token to the frontend.
    4c. Place this refresh token on the SDK and ask it to generate a new access_token
  5. Done!

A few things to note:

  • I'm not 100% sure if the SDK supports step 4c, but it's possible one way or the other
  • All of the above custom endpoints should have rate limiting (otherwise someone might brute-force it)
  • You should also set a time-to-live for the PIN itself (max 30 minutes or something) and clear it after the PIN has been used