Passwordless Login

The basic idea is that instead of using a password to authenticate each user, a temporary secret code is sent to him/her over an e-mail.

It’s almost as if the backend server makes up a temporary, one-use password each time a user wants to log in.

Configuration

There is no required configuration for this functionality.

Passwordless Login

Links

Description

Here is a complete overview of Passwordless Login functionality:

Signin

The Passwordless Login flow consists of these elements:

  • an API endpoint for triggering a passwordless login flow
  • user receives an email with a link (5 minutes expiration)
  • once the user press the link:
    • the user is logged in
    • if terms & agreements acceptance is needed, the user is presented with the acceptance step, otherwise this is skipped
    • if user is not registered, he has to fill in required fields
  • when logged in state is successful, the user is redirected back to the client provided and validated redirectUrl

See also

Relevant endpoints

Help us improve

Did you spot an error? Or maybe you just have a suggestion for how we can improve? Leave a comment, or better yet, send us a pull request on GitHub to fix it (in-browser editing, only takes a moment).

History of this page

Comments/feedback

Do you have questions, or just want to contribute some newly gained insight? Want to share an example? Please leave a comment. SPiD reads and responds to every question. Additionally, your experience can help others using SPiD, and it can help us continuously improve our documentation.