Want to enable Login via OTP (no password)

mark.shapiro

Basically I want the functionality of using MFA with SMS, but not actually have them enter a password. Steps would look like:

1. User enters Username
2. They are texted a code
3. They enter code on new page
4. Get a JWT and enter the application.

We would build the UI for this but trying to figure out which APIs would be involved.
This exists, but it requires a password on the request. I think I need to make a call that generates a changePasswordId request, is that the Start Reset Flow and then I pass that to the above generation?

As mentioned, we can handle:

1. Capture the username
2. Do things to generate a code
3. Send code via SMS on our end
4. Capture the code (as entered by the user)
5. Make a Login call back to FA for token
6. Use app

I'm just not 100% which to use on step 2.

mark.shapiro

Think I may have gotten this sorted out (closed the other post I found on this)

1. use /api/passwordless/start to get a code
   -- Send Code externally --
2. call /api/passwordless/login after user enters code to get JWT
   -- Do stuff in app --

seems like it should work

mark.shapiro

Found it for reference https://github.com/FusionAuth/fusionauth-issues/issues/615

mark.robustelli

@mark-shapiro Thanks for sharing with the community.