Hi, this is Kassandra with Auth0 and what we're gonna do today is talk about passwordless authentication and kind of show you how to configure that. As for a demo, what I've got here is a sign-in page where I'm gonna click and I'm gonna send it my email. And what it's going to do is send a one-time use code to this email address that I can then use to log in. And there it goes.
So what you can see here is the email with the verification code that Auth0 has sent us to be used to verify my identity. So I'm gonna copy that and use it to log in. All right. Now that I have my code, I'm just gonna paste it here and log in. And as you can see, via the dialogue and the little app screen, I have officially logged in without the use of a password.
So Autho0 allows people to log in with SMS one-time codes, email either one-time codes or magic links where you click the link and it logs in for you. It also allows TouchID to be used as a log-in for native iOS apps whereas email and SMS are universal.
So now, let's take a look at how to configure these services using the Autho0 dashboard. So let's start by implementing email. Go ahead and click this algo [sp] switch and if this dialogue appears, click continue to get to the setting screen.
The setting screen contains many useful things as well as hover-overs with question marks in case you need more information. And a link to configure a custom email provider if you'd rather use someone other than Auth0.
You can select your email syntax, either HMTL and Liquid or Markdown. From and subject, use application.name which is a variable that we'll use in the name of your application. It also shows the sending address that we'll use. Subject, same thing. Now the body, we've got a very nice template that has a lot of CSS styling already available. But of course, feel free to edit this as you see fit.
Finally, authentication parameters is very interesting. What you can do is you can set query string parameters to be included as part of the generated link. OTP expiry and length are the same as they are with SMS. You can set the expiration time in seconds and the length. And you can, just like SMS, disable sign-ups using this flip switch. And save.
Look at apps and again, we'll wanna make sure at least one of these is turned on and hit save. And then under try, you can select your application, select your email recipient, and you can select a mode, code, or link. The link will allow you to log in once you click it. Then when you hit try, you should receive an email, receiving your code or a link in a few seconds.
So next, we'll talk about how to implement and configure SMS. To do this, first we're gonna take the little flip switch and flip it on. Next, you'll want to add your TwilioSID and Twilio Auth Token. Note, there are links available for you to know how to access these things from the Twilio dashboard. For those unfamiliar with Twilio, this is a service that allows you to send SMS and phone calls programmatically. You can also learn more at our documentation which has a link right there.
Finally, you'll want to select the phone number which is the number that you've selected on Twilio, the number that they've given you.
Down here, you have a template that you can edit for your SMS. You can use Liquid syntax of Markdown syntax. For those unfamiliar with Liquid, there's a handy link to see what this syntax looks like.
Down here, you can change the expiry and the length of the code that is sent. The time is set in seconds, as you can see here, and the length is set in integer as you can see here.
Finally, you can allow or disable sign-ups using this toggle switch. Right now, since this switch is disabled, sign-ups are allowed via this method. If I turn this on, users will only be able to log in. Then I'll hit save.
Next, what we'll wanna do is make sure it's enabled for our applications. Sometimes, these will be turned off and you'll want to at least make sure one is turned on in order for this to work. You can hit save.
Finally, under the try tab, this allows us to test that our SMS application actually works without having to log into the app. You pick which application you'd like to test it on and you pick an SMS recipient. Then hit try and you should receive a password to your phone.
Finally, let's talk about enabling TouchID log-in from the dashboard. Flip the switch here and click it to get into the dialogue. However, there aren't any settings for TouchID. That's because you'll be using iOS to configure all of the TouchID usage. However, we have a handy link to the docs right here that will take you to our Swift tutorial on how to implement TouchID.
So that's our tutorial for our passwordless authentication. If you have any questions, please feel free to email me at firstname.lastname@example.org or peruse the docs even more. Thanks for listening.