Passwordless login

Users can use a one-time code instead of a password or follow a one-time link to authenticate in the application. The code or link can be sent via SMS or email and expires after 3 minutes.

The first time a user logs into your application without a password, a new account is created automatically. You don’t have to implement additional logic for user sign-up.

In Publisher Account, the Passwordless login option must be selected for the Login project that you use in your application. You can change the login method later by clicking the Change Login method link. Previously saved settings will not be lost.

To implement passwordless login:

Set up the Login project:
1. Open your project in Publisher Account.
2. In the side menu, click Login.
3. Click Configure in the Login project pane.
4. Go to Passwordless login > Settings and select the type of passwordless authentication method that you want to use.
5. To send a one-time link with the code, go to the Email settings tab and set the Log in via magic link toggle to On.
6. Click Save changes.

In the application UI, add the following elements:
- form to enter a phone number and/or email
- form to enter a one-time code

Implement passwordless authentication logic using the following SDK methods:

- StartAuthByPhoneNumber — starts user authentication and sends an SMS with a one-time code and a link to the specified phone number (if login via magic link is configured for the Login project).
- CompleteAuthByPhoneNumber — completes authentication after the user enters a one-time code or follows a link received by SMS.
- StartAuthByEmail — starts user authentication and sends an email with a one-time code and a link to the specified email address (if login via magic link is configured for the Login project).
- CompleteAuthByEmail — completes authentication after the user enters a one-time code or follows a link received in an email.
- OAuthLogout — ends the active user session.