Passwordless Authentication

Available on the following plans

FreeBasicPremiumUltimateEnterprise

About Passwordless Authentication

Passwordless login allows your users to sign up and log into your application using only their email address. Userfront sends an email or webhook with a single-use link that a user can click on to log into your application.

Passwordless authentication is sometimes referred to as “Login links” or “Magic links”.

Passwordless authentication message

Passwordless Requirements

Userfront’s passwordless links can only be used once each.

There are several types of passwordless links that allow an end user to log in.

  • Welcome links can be sent when a user first signs up or is invited to join an application.
  • Login links can be sent each time a user wants to log into an application with an existing account.
  • Custom links can be sent at any time, and can have custom duration.

Whenever a passwordless link is used successfully, the user's email address is automatically confirmed.

Links expire after a successful use or after a period of time:

Link type
Duration
Welcome link
3 days
Login link
1 hour
Custom link
Between 10 seconds and 1 month

Passwordless Handling

Email links sent by Userfront

By default, Userfront emails a passwordless login link directly to the user requesting the link.

Each passwordless link contains an identifier and a token, both of which are submitted during the login process. A standard link looks like this:

https://www.acme.com/login?token=240be811-bda4-48a1-9658-1aee60951c49&uuid=e09e2bfc-0d2c-45f1-9744-7dcb72d1ea2d

Email links by webhook

You can configure Userfront to send a webhook to your server instead of sending an email to the user, which allows you to send the link however you choose.

In this case, the webhook payload will look like this:

{
  "action": "login",
  "model": "user",
  "mode": "live",
  "factor": {
    "strategy": "link",
    "channel": "email",
    "email": "user@example.com",
    "url": "https://www.acme.com/login?uuid=53a8435e-e79c-4ba6-99cc-0e2f290cb647&token=a2e43b5c-5662-40f0-a91d-4e5979280027",
    "token": "a2e43b5c-5662-40f0-a91d-4e5979280027",
    "uuid": "53a8435e-e79c-4ba6-99cc-0e2f290cb647",
    "message": "Your Acme Group login link is: https://www.acme.com/login?uuid=53a8435e-e79c-4ba6-99cc-0e2f290cb647&token=a2e43b5c-5662-40f0-a91d-4e5979280027",
    "expiresAt": "2024-03-12T01:09:29.402Z"
  },
  "record": {
    "mode": "live",
    "userId": 5,
    "tenantId": "abcd1234",
    "userUuid": "53a8435e-e79c-4ba6-99cc-0e2f290cb647"
  }
}

Passwordless Documentation

Passwordless API endpoints

End user actions

Admin actions

123 E San Carlos St #17
San Jose, CA 95112
About UserfrontContact usPricing
Userfront system statusService Level AgreementTerms of ServicePrivacy Policy
© 2024 Userfront