OTP based authentication via mail using Auth0 passwordless.
-
Clone or Download the project source.
-
Build and run the app, once done you should be able to see the following:
-
Enter the email-ID using which you wish to authenticate
-
An OTP will be sent to the email for confirmation.
-
Enter the OTP receieved to authenticate.
A few code snippets that can be used to call these API endpoints in different scenarios.
- To request an OTP, you can use the following cURL command:
curl --request POST \
--url 'https://dev-25x9oi7h.us.auth0.com/passwordless/start' \
--header 'content-type: application/json' \
--data '{"client_id": "rotYO6RMfRsIaL6cF2UMFDzF4fFeY03P", "connection": "email", "email": "[email protected]", "send": "code"}'
Using test domain and client ID for the test application I've made in these cURL commands, DO NOT share these if in production. Needless to say, you need replace the "email" (currently added mine as an example) with the email you want to authenticate with.
{
"_id": "610c62410858457944df09e8",
"email": "[email protected]",
"email_verified": false
}
- Once called, you should recieve an OTP on your email which you need to authenticate the user. You can use the following to authenticate:
curl --request POST \
--url 'https://dev-25x9oi7h.us.auth0.com/oauth/token' \
--header 'content-type: application/json' \
--data '{"grant_type": "http://auth0.com/oauth/grant-type/passwordless/otp", "client_id": "rotYO6RMfRsIaL6cF2UMFDzF4fFeY03P", "username": "[email protected]", "otp": "123456", "realm": "email", "audience": "https://dev-25x9oi7h.us.auth0.com/api/v2/", "scope": "openid profile email"}'
Again, here you need to replace the email with the one you've used earlier and add the OTP you've recieved against "otp". Once added, it'll authenticate the user when called.
{
"access_token": "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6IlBrYUQ2T1lRU2h1WFd2MUhkZktXTSJ9.",
"id_token": "9BMO90slfbXu8NFwROFE4RWUaFyUT964axBsKVETNY8TT_cCelc2dp1W5oGpWhaWwkAZH-ApCON66Jdkt7wlGfcG4Ie4S4rMnKGEy6A",
"scope": "openid profile email read:current_user update:current_user_metadata delete:current_user_metadata create:current_user_metadata create:current_user_device_credentials delete:current_user_device_credentials update:current_user_identities",
"expires_in": 86400,
"token_type": "Bearer"
}
All kinds of contributions to improve the source are welcome! You can initiate a patch here.
- The official Auth0 Passwordless documentation
- The Android toolkit for Auth0 API source