Passwordless API - Can you use the APIs to log in a user?
-
Can you log the user in without any action on their part by using the passwordless API?
-
Yes, if you have API access. Please find the documentation here: Passwordless APIs
The process would go like this:
- Call Start /api/passwordless/start, capture the code.
- Call Login /api/passwordless/login with code
- Get a JWT and do with it what you normally would
For a Two Factor setup you would:
- Call Start /api/two-factor/start, consume code
- Call Login /api/two-factor/login with code
- Get a JWT
If the end user never needs to log themselves in, you may also consider:
- Assign a random application password to a user.
- Use that known password to call the Login API
- Get a JWT!
- Optionally remove the application password if you want it to be a one time use password.
This does have the issue of not creating an SSO session for the user, but that may not be a problem. (If someone logs in this way, and then goes to another application which has a login page managed by the 'hosted login pages' of FusionAuth, they won't be automatically logged in.)
-
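The Start then Login sequence from the answer above, as an added example that is not part of the original posts or FusionAuth's own code. It is meant to run on a backend so the API key and the one-time code never reach the browser. The JSON field names (`applicationId`, `loginId`, `code`, `token`), the `Authorization` header, the host name and the in-memory `FakeFusionAuth` stand-in are assumptions made for the sketch.

```python
import json
import urllib.request

def http_post(url, body, api_key=None):
    """POST JSON and return the decoded JSON response (raises on HTTP errors)."""
    headers = {"Content-Type": "application/json"}
    if api_key:
        headers["Authorization"] = api_key
    req = urllib.request.Request(url, json.dumps(body).encode(), headers, method="POST")
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)

def passwordless_login(base_url, api_key, application_id, login_id, post=http_post):
    """Run Start then Login on the backend and return the JWT."""
    # Start is the call that needs API access; its response carries the code.
    start = post(f"{base_url}/api/passwordless/start",
                 {"applicationId": application_id, "loginId": login_id},
                 api_key=api_key)
    code = start["code"]  # bearer secret: keep it out of logs and client responses
    # Login exchanges the code for a JWT; this sketch sends no API key here.
    login = post(f"{base_url}/api/passwordless/login",
                 {"applicationId": application_id, "code": code})
    return login["token"]

class FakeFusionAuth:
    """Constructed in-memory stand-in so the flow can be exercised offline."""
    def __init__(self, api_key):
        self.api_key, self.codes, self.calls = api_key, {}, []

    def post(self, url, body, api_key=None):
        self.calls.append((url.rsplit("/", 1)[-1], api_key))
        if url.endswith("/start"):
            if api_key != self.api_key:
                raise PermissionError("401")
            code = f"constructed-code-{len(self.codes)}"
            self.codes[code] = body["loginId"]
            return {"code": code}
        login_id = self.codes.pop(body["code"])  # stand-in treats codes as single use
        return {"token": f"constructed.jwt.for-{login_id}"}

def demo():
    fake = FakeFusionAuth("constructed-api-key")
    token = passwordless_login("https://auth.example.com", "constructed-api-key",
                               "constructed-app-id", "user@example.com", post=fake.post)
    return token, fake
```

Against a real instance, drop the `post=` argument so `http_post` is used, and load the API key from a secret store rather than source code.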