The basic idea is that instead of using a password to authenticate each user, a temporary secret code is sent to the user by e-mail.
It’s almost as if the backend server makes up a temporary, one-use password each time a user wants to log in.
There is no required configuration for this functionality.
Here is a complete overview of Passwordless Login functionality:
The Passwordless Login flow consists of these elements:
- an API endpoint for triggering a passwordless login flow
- the user receives an email with a link (5 minutes expiration)
- once the user presses the link:
  - the user is logged in
  - if terms & agreements acceptance is needed, the user is presented with the acceptance step, otherwise this is skipped
  - if the user is not registered, they have to fill in the required fields
- once the user is successfully logged in, the user is redirected back to the client-provided and validated redirectUrl
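
The three properties the flow above depends on (a link that expires after 5 minutes, a code that works only once, and a redirectUrl that is validated before use) can be sketched as follows. This is an added example, not SPiD's implementation: the function names, the in-memory store and the `client.example` allowlist entry are hypothetical.

```python
import hashlib
import secrets
import time
from urllib.parse import urlsplit

TOKEN_TTL = 5 * 60  # seconds; the page states a 5 minute link expiration
# Hypothetical registered (scheme, host) pairs for the client.
ALLOWED_REDIRECTS = {("https", "client.example")}

# sha256(token) -> (email, redirect_url, expires_at). Only the hash is stored,
# so a leaked store does not yield usable login links.
_pending = {}


def redirect_allowed(url):
    """Accept only absolute URLs whose scheme and exact netloc are registered."""
    parts = urlsplit(url)
    # netloc includes any userinfo, so "client.example@evil.example" is rejected.
    return (parts.scheme, parts.netloc) in ALLOWED_REDIRECTS


def start_login(email, redirect_url, now=None):
    """Validate redirectUrl first, then return the token for the e-mailed link."""
    if not redirect_allowed(redirect_url):
        raise ValueError("redirectUrl is not registered for this client")
    now = time.time() if now is None else now
    token = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
    digest = hashlib.sha256(token.encode()).hexdigest()
    _pending[digest] = (email, redirect_url, now + TOKEN_TTL)
    return token


def complete_login(token, now=None):
    """Consume the token; return (email, redirect_url), or None if invalid."""
    now = time.time() if now is None else now
    digest = hashlib.sha256(token.encode()).hexdigest()
    record = _pending.pop(digest, None)  # pop: a second click finds nothing
    if record is None:
        return None
    email, redirect_url, expires_at = record
    if now > expires_at:
        return None  # expired links are consumed as well, never revived
    return email, redirect_url
```

The redirect target returned by `complete_login` is the one stored when the flow was started, so a value supplied when the link is clicked is never trusted.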