Auth0.Android Passwordless Authentication

Passwordless authentication from native applications is disabled by default for new tenants as of 8 June 2017. Users are encouraged to use Universal Login and perform Web Authentication instead. If you still want to proceed you'll need to enable the MFA Grant Type on your dashboard first. See Application Grant Types for more information.

Passwordless can occur over email or SMS, either by sending the user a code or sending a link that contains a code. All methods of Passwordless authentication require two steps: requesting the code and inputting the code for verification.

Set up the Android SDK

First, set up the Android SDK so that you can use the Passwordless methods below.

Configure Auth0 and the Android SDK

Using the Passwordless API requires setting using the Auth0 Android SDK version 1.20 or higher.

To use the Passwordless API from a Native client, enable the Passwordless OTP grant for your application in Dashboard > Applications > (YOUR APPLICATION) > Settings > Advanced Settings > Grant Types.

Request the code

This example requests the code by calling passwordlessWithEmail with the user's email, PasswordlessType.CODE, and the name of the connection as parameters. On success, you may want to notify the user that their code is on the way, and perhaps route them to where they will input that code.

authentication
    .passwordlessWithEmail("username@domain.com", PasswordlessType.CODE, "my-passwordless-connection")
    .start(object: Callback<Void?, AuthenticationException>() {
        override fun onSuccess(result: Void?) {
            // Code sent!
        }

        override fun onFailure(error: AuthenticationException) {
            // Error!
        }
    })

You can use the passwordlessWithSms method to send the code using SMS.

Input the code

Once the user has a code, they can input it. Call the loginWithEmail method and pass in the user's email, the code they received, and the name of the connection in question. Upon success, you receive a Credentials object in the response.

authentication
    .loginWithEmail("username@domain.com", "123456", "my-passwordless-connection")
    .start(object: Callback<Credentials, AuthenticationException>() {
        override fun onSuccess(result: Credentials) {
            // Logged in!
        }

        override fun onFailure(error: AuthenticationException) {
            // Error!
        }
    })

You can use the loginWithSms method to send the code received by SMS and authenticate the user.

The default scope used is openid profile email.