Passwordless Login

The passwordless login is implemented on top of the OAuth2 "authorization code flow", so you need to create an OAuth client first.

Here is a React example app, if you want to see some code: https://github.com/sun-labs/cloudgarden-passwordless-react-example-with-pkce.

How it works

Passwordless login flow

  1. Create an OAuth client (see).
  2. Collect the user's email address.
  3. Generate the needed PKCE data. You can read here how and when to do this.
  4. Call POST /auth/passwordlessLogin/code with the user's email, the code_challenge, the code_challenge_method, and the redirect_uri. The redirect_uri is used to construct the login link and has to match one of the redirectUri values of the client.
  5. Collect the login code, either via user input or from the login link, whose query parameter code contains the login code.
  6. With the login code, the client credentials, grant_type set to authorization_code, and the "code verifier" (if using PKCE), make a request to POST /auth/oauth2/token.
  7. You'll receive a response with the tokens.

Token response example

{
  "access_token": "ey...",
  "refresh_token": "c9...",
  "expires_in": 900,
  "token_type": "Bearer"
}