Implement Passwordless in Regular Web Apps

Passwordless is designed to be called from the client side and has a rate limit of 50 requests per hour per IP. If you call it from the server side, your backend's IP may easily hit this rate limit.

Passwordless connections in Auth0 allow users to log in without the need to remember a password. The benefits of enabling passwordless connections include:

  • Improved user experience, particularly on mobile applications, since users only need an email address or phone number to sign up and the credential used for authentication is automatically validated after sign-up.

  • Enhanced security since users avoid the insecure practice of using the same password for many purposes.

  • Less effort for you since you will not need to implement a password reset procedure.

Passwordless connections use an authentication channel like SMS or email, which needs to be configured under Connections > Passwordless in the Auth0 Dashboard.

We recommend implementing passwordless with Universal Login. If you are using embedded login with Lock or Auth0.js, you will need to enable custom domains for your tenant. To learn more, see Custom Domains.

Tutorials for Regular Web Apps