Passwordless Login
Passwordless Login streamlines the authentication process by enabling users to access their accounts without a password. Instead of relying on traditional credentials, users receive a secure link or a One-Time Password (OTP) via email or phone. Users can securely log in by verifying the link or OTP, improving convenience and security. This approach eliminates the need to remember complex passwords, providing a smoother, more user-friendly login experience.
How It Works
- The user enters their registered email or phone number.
- A login link or OTP is sent to their email or phone.
- The user clicks the link or enters the OTP.
- Upon successful verification, they are logged in.
📌 Note: Users must first register with a password. Afterward, they can log in using their link or OTP.
Key Features
- Frictionless Login: Enables seamless login without needing to remember passwords.
- Enhanced Security: Reduces the risk of password theft or breaches.
- Improved User Experience: Provides a hassle-free authentication process.
- Alternative Authentication: Useful when users forget passwords or prefer OTP-based logins.
Configurations
Here's how to enable and configure Passwordless Login in your authentication settings in the admin console:
- Enable Passwordless Login
- Passwordless Login Email Configuration
- Passwordless Login Phone Configuration
Steps to Enable Passwordless Login:
- Log in to the Admin Console.
- Navigate to Passwordless Login in the Admin Console.
- Ensure Passwordless Login is enabled.
- If not enabled, contact the LoginRadius Support Team.
Passwordless Login Email Configuration:
- This option sends a login link to the user's email, allowing them to log in by clicking the link.
- You can configure an email provider to send emails to users. For detailed instructions on configuring the email provider and its usage, please refer to this documentation.
- You can customize the email template to modify the content sent to users, ensuring it aligns with your requirements. For detailed instructions on configuring email templates, refer to this document.
Passwordless Login Phone Configuration:
- In this option, an OTP is sent to the registered phone number, which the user can use to log in.
- You can set up an SMS provider to send messages to users containing the OTP. For detailed instructions on configuring the SMS provider and its usage, please refer to this documentation.
- You can customize the SMS template to tailor the content sent to users according to your requirements. For detailed instructions on SMS template configuration, refer to this document.
📌 Note: Passwordless Login will not function if Two-Factor Authentication (2FA) is also enabled for the user.
Integration Guide
The LoginRadius Identity Platform offers multiple implementation methodologies, enabling you to customize customer flows and select the passwordless login integration method that best suits your requirements.
- Passwordless Login Setup using JavaScript interface
- User Registration
- User Login
- User Verification
Step 1: Include the JavaScript Library
Add the following script to your HTML file in the <head> tag:
<script src='https://auth.lrcontent.com/v2/LoginRadiusV2.js' type='text/javascript'></script>
Step 2: Initialize the LoginRadiusV2 Object
Set up your LoginRadius configuration in the <head> tag:
<script>
var commonOptions = {};
commonOptions.apiKey = "<your loginradius API key>";
commonOptions.appName = "<LoginRadius site name>";
commonOptions.instantLinkLogin = true;
commonOptions.instantOTPLogin = true;
var LRObject = new LoginRadiusV2(commonOptions);
</script>
These two options enable the display of the passwordless login feature for both methods:
- commonOptions.instantLinkLogin = true;
- commonOptions.instantOTPLogin = true;
Step 3: Load the Passwordless Login Interface and Validate Result
Add the following script before the closing </head> tag:
<script>
var login_options = {};
login_options.container = 'login-container';
login_options.onSuccess = function(response) { console.log(response); };
login_options.onError = function(errors) { console.log(errors); };
LRObject.util.ready(function() { LRObject.init('login', login_options); });
// Validate OTP
var passwordlessloginvalidate_options = {};
passwordlessloginvalidate_options.onSuccess = function(response) { console.log(response); };
passwordlessloginvalidate_options.onError = function(errors) { console.log(errors); };
LRObject.util.ready(function() { LRObject.init('passwordlessLoginValidate', passwordlessloginvalidate_options); });
</script>
Step 4: Include the Login Container
Insert the following code within the <body> tag to add the login container div:
<div id="login-container"></div>
User Registration
Register a new user with a unique email and password. The system securely stores credentials for authentication.
Auth User Registration by Email: Register users using their email and password.
For detailed information on User Registration, please refer to this document.
User Login
After registration, users can log in using Passwordless Login via one of the following options:
Option 1: Login via Registered Email
Passwordless Login By Email API: This API sends a Passwordless Login verification link to the specified email ID.
Option 2: Login via Phone
Passwordless Login by Phone API: This API sends a One-Time Passcode (OTP) if the account has a verified Phone ID.
Please refer to this document for detailed information on the Passwordless Login API.
User Verification
After the user requests a link or OTP, verify their account using the following APIs:
Passwordless Login Email Verification: This API is used to verify the Passwordless Login verification link.
Passwordless Login Phone Verification: This API verifies an account by OTP and allows the customer to log in.
Upon successful account verification, the response will include the complete user profile.
For an SDK-based implementation of Passwordless Login, you can use any of the SDKs provided by LoginRadius, depending on your requirements. See the LoginRadius GitHub Repositories.
Best Practices
- Customize OTP messages to identify your app and reduce phishing risks.
- Enforce limits on OTP retries and expiration time, and prevent reuse to block brute-force attempts.
- Use secure and compliant email/SMS providers to ensure message deliverability and protection against spoofing.
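The retry, expiry and reuse limits from the best practices above, shown as an added example for a server that issues and checks its own OTPs. This is not LoginRadius code: OtpStore, its method names, the 5-minute lifetime and the 3-attempt limit are assumptions chosen for illustration.

```javascript
// Added example: server-side OTP policy (expiry, retry limit, single use).
// OtpStore and its methods are hypothetical names, not a LoginRadius API.
const crypto = require("node:crypto");

const OTP_TTL_MS = 5 * 60 * 1000; // assumed lifetime: 5 minutes
const MAX_ATTEMPTS = 3;           // assumed retry limit per issued code

class OtpStore {
  constructor() {
    this.key = crypto.randomBytes(32); // server-side HMAC key, never leaves the server
    this.pending = new Map();          // identifier -> { mac, expiresAt, attempts }
  }

  // Store an HMAC of the code rather than the code itself.
  mac(identifier, code) {
    return crypto.createHmac("sha256", this.key)
      .update(`${identifier}:${code}`).digest();
  }

  // Issue a 6-digit code from a CSPRNG; a new code replaces any earlier one.
  issue(identifier, now = Date.now()) {
    const code = String(crypto.randomInt(0, 1000000)).padStart(6, "0");
    this.pending.set(identifier, {
      mac: this.mac(identifier, code),
      expiresAt: now + OTP_TTL_MS,
      attempts: 0,
    });
    return code; // handed to the SMS/email provider only
  }

  // Returns "ok", "invalid", "expired", "locked" or "none".
  verify(identifier, code, now = Date.now()) {
    const entry = this.pending.get(identifier);
    if (!entry) return "none";
    if (now >= entry.expiresAt) {
      this.pending.delete(identifier);
      return "expired";
    }
    if (entry.attempts >= MAX_ATTEMPTS) return "locked";
    entry.attempts += 1; // count the attempt before comparing
    const candidate = this.mac(identifier, String(code));
    if (!crypto.timingSafeEqual(candidate, entry.mac)) return "invalid";
    this.pending.delete(identifier); // single use: a verified code cannot be replayed
    return "ok";
  }
}
```

Because issuing a new code resets the attempt counter, calls to issue() need their own rate limit per identifier for the retry limit to hold.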