Auth0.swift: Passwordless Authentication
Passwordless authentication allows users to login using only an email address or phone number, reducing the friction that occurs when a user must remember a password. Passwordless authentication can be done via email or via SMS, and either by sending the user a code, or sending them a link which contains a code.
To use Passwordless Authentication you need Auth0.Swift version 1.20.0
or greater.
How Passwordless works
Passwordless requires two steps:
Request the code
Input the code
When using links, the same thing happens, but in a slightly different way, because the user does not have to input a code themselves. The code is included in the URL.
Step 1: Request the code
In this example, requesting the code is done by calling startPasswordless
with the user's email, and the type of connection. The type
parameter will default to Code
. On success, you'll probably display a notice to the user that their code is on the way, and perhaps route them to a view to input that code.
Auth0
.authentication()
.startPasswordless(email: "support@auth0.com")
.start { result in
switch result {
case .success:
print("Sent OTP to support@auth0.com!")
case .failure(let error):
print(error)
}
}
Was this helpful?
Step 2: Input the code
Once the user has a code, they can input it. Call the login
method, and pass in the user's email, the code they received, and the name of the connection in question. Upon success, you will receive a Credentials object in the response.
Auth0
.authentication()
.login(
email: "support@auth0.com",
code: "123456",
audience: "https://myapi.com/api",
scope: "openid email")
.start { result in
switch result {
case .success(let credentials):
print("Access Token: \(credentials.accessToken)")
case .failure(let error):
print(error)
}
}
Was this helpful?
If you used SMS, the call would be similar to this example instead:
Auth0
.authentication()
.login(
phoneNumber: "+4591131761367",
code: "123456",
audience: "https://myapi.com/api",
scope: "openid email")
.start { result in
switch result {
case .success(let credentials):
print("Access Token: \(credentials.accessToken)")
case .failure(let error):
print(error)
}
}
Was this helpful?
Passwordless parameters
Passwordless authentication can be started with a variety of different parameters.
For example:
.startPasswordless(email: String, type: String, connection: String)
or
.startPasswordless(phoneNumber: String, type: String, connection: String)
Parameter | Required | Description |
---|---|---|
email |
required | (String) Either email or phoneNumber is required (not both), depending on which will be used. |
phoneNumber |
required | (String) Either email or phoneNumber is required (not both), depending on which will be used. |
type |
optional | (String) The type of Passwordless transaction to use, either .Code or .iOSLink . Defaults to .Code . |
connection |
optional | (String) The name of the connection to use for the Passwordless authentication. Defaults to sms for the SMS overload or to email for the email overload |