Implement Passwordless Authentication
This guide will show you how to implement passwordless authentication, which will allow your users to log in without a password. Instead, they will use a one-time-use code or magic link received via SMS or email.
Before beginning this guide:
- Register your Application with Auth0.
Set up the passwordless connection: Set up the passwordless connection with which users can authenticate.
Configure the login page: Configure your login page to work with passwordless.
Configure your application: Configure your application to call the login page.
Optional: Explore Sample Use Cases
Set up the passwordless connection
Set up the passwordless connection. This includes choosing the authentication method (SMS or email), customizing message text, and selecting code options.
To learn how, see Set Up Passwordless Connections.
Configure the login page
Configure your login page to work with passwordless. This includes setting up the passwordless fields on your login page and selecting user interface options.
The best option is to use Auth0's Universal Login feature, which allows you to handle the various flavors of authentication without having to do any integration work. Better yet, your application will inherit all improvements Auth0 makes to its login flow without you needing to change a single line of code.
You can use Universal Login with Passwordless authentication in two ways:
Universal Login + Lock (passwordless): Configure your login page using Universal Login with the Lock (passwordless) template. The Lock (passwordless) template provides a sample login page using Auth0's Lock widget with Passwordless mode. You can customize the template using available Lock options.
Universal Login + Custom UI + Auth0.js: Configure your login page using Universal Login with the Custom UI template. The Custom UI template provides a sample login page using HTML, CSS, and Auth0.js. You can customize the template to use your own HTML and CSS styling. You will also need to customize it to work with Passwordless by using available Auth0.js options.
To learn how to configure your login page for passwordless using Universal Login, see Configure Universal Login with Passwordless.
An alternative option is to use an embedded login form with the Lock (with Passwordless) widget. Using Embedded Login with any application type leaves your application vulnerable to cross-origin resource sharing (CORS) attacks and requires the use of Auth0 Custom Domains, which is a paid feature.
To learn how to configure an embedded login page for use with passwordless, see Configure Login Page for Passwordless: Embedded + Lock (with Passwordless).
Configure your application
Set up your application to call the login page and handle the authentication callback. To do this, use our Quickstarts for your selected application type:
Regular Web Applications
Use any Regular Web App Quickstart to learn how to call the login page and handle the server-side authentication callback.
Use any Single-Page App Quickstart and follow only the Login step to learn how to call the login page, handle the callback, and acquire your user's information.
Use one of the following QuickStarts and follow only the Login step to learn how to call the login page with Universal Login: