Email/SMS Authentication
One-Time Passcodes and Magic Links can be sent via email or phone. Passage highly recommends using One-Time Passcodes over Magic Links, they are easier to implement, more secure, and they provide a better user experience.
Login Codes
A login code, or one-time passcode(OTP), is a passcode that is sent to a user via email or SMS. While authenticating, a user will input the passcode to complete login or registration.
Send registration passcode to user
To create a new passcode for registration and send to users, call passage.oneTimePasscode.register()
with a user's email address or phone number. A successful call will return a OTP object. The OTP object contains the OTP ID used for activating the OTP.
const otp = await passage.oneTimePasscode.register(identifier);
Send login passcode to user
To create a new passcode for login and send to users, call passage.oneTimePasscode.login()
with a user's email address or phone number. A successful call will return a OTP object. The OTP object contains the OTP ID used for activating the OTP.
const otp = await passage.oneTimePasscode.login(identifier);
Activate passcode
When the user inputs their OTP into your app, you will send their OTP input string and OTP id through passage.oneTimePasscode.activate()
to validate.
const authResult = await passage.oneTimePasscode.activate(otp, otp.id!);
Magic Links
Magic Links are hyperlinks that are sent to a user via email or SMS. Clicking the link authenticates your users and redirects them to your app.
Send registration Magic Link to user
To create a new Magic Link for registration and send to users, call passage.oneTimePasscode.register()
with a user's email address or phone number. A successful call will return a MagicLink object. The MagicLink object contains the MagicLink ID used for activating the MagicLink.
const magicLink = await passage.magicLink.register(identifier);
Send log in Magic Link to user
To create a new magic link for login and send to users, call passage.magicLink.login()
with a user's email address or phone number. A successful call will return a MagicLink object. The MagicLink object contains the MagicLink ID used for activating the MagicLink.
const magicLink = await passage.magicLink.login(identifier);
Activate Magic Link in app (optional)
Prerequisite: Setup React Native linking (opens in a new tab)
When the user taps on the Magic Link url on their mobile device, you'll need to capture the url, parse out the Magic Link (it is in the psg_magic_link
query parameter), and then pass that Magic Link string to Passage.magicLinkActivate()
to validate.
const authResult = await passage.magicLink.activate(magicLink.id);
Check Magic Link Status
If the user opens the Magic Link on a different device or you have not setup React Native Linking, it is up to your web front end to handle and activate the Magic Link. In this case, you’ll need to continually check the status of the link in your app. Once the Magic Link has been activated by the web front end, Passage.getMagicLinkStatus()
will return a PassageAuthResult
and your user will be authenticated.
const authResult = await passage.magicLink.status(magicLink.id);