Native Passwordless Login
With the Headless Passwordless Login Flow, users can log in by entering their email address or phone number and verifying their identity with a one-time password (OTP). You control the front-end experience in your app. On the back end, your app calls the Headless Passwordless Login API via an Experience Cloud site to log in the user.
Before setting up the passwordless login flow, make sure these tasks are complete.
- Complete Prerequisites for Headless Identity in Salesforce Help.
- Configure a Connected app for the Authorization Code and Credentials Flow in Salesforce Help.
- Set up Native Login for Experience Cloud.
- Configure Experience Cloud Settings for Headless Passwordless Login in Salesforce Help.
For public clients, we recommend that you always enable Require reCAPTCHA to access the Headless Passwordless Login API, which requires your app to include a reCAPTCHA token in your initial request to the API.
To learn more about setting up reCAPTCHA, see:
- Secure Your Headless Identity Implementation with reCAPTCHA Enterprise
- Integrate reCAPTCHA Enterprise with iOS apps
- Integrate reCAPTCHA Enterprise with Android apps
To enable the flow with Mobile SDK, add these properties to the useNativeLogin method call.
- To fill in these fields, use the values from the Google Cloud project reCAPTCHA settings.
- Only enterprise reCAPTCHA requires reCaptchaSiteKeyId and googleCloudProjectId.
- When using non-enterprise reCAPTCHA, set reCaptchaSiteKeyId and googleCloudProjectId to nil, and set isReCaptchaEnterprise to false.
To request the password and initialize passwordless login with OTP, use this method.
After the OTP has been requested, the user is prompted to enter the passcode. Use this method to submit the passcode with the OTP identifier returned by submitOtpRequest in the previous task.
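The two steps above, request the OTP and then submit the passcode with the returned identifier, as an added Swift sketch that is not code from this page or from the Mobile SDK templates. The parameter labels, the `nativeLoginManager()` accessor, `submitPasswordlessAuthorizationRequest`, `OtpVerificationMethod`, and the `nativeLoginResult` and `otpIdentifier` result properties are assumptions to check against the iOSNativeLoginTemplate; `fetchReCaptchaToken` and `promptForOtp` are hypothetical app-side helpers.

```swift
import SalesforceSDKCore

// Added example, not the SDK's or the template's own code.
// SDK names other than submitOtpRequest are assumptions (see lead-in).

enum PasswordlessLoginError: Error {
    case otpRequestFailed        // server rejected the OTP request
    case missingOtpIdentifier    // request succeeded but returned no identifier
    case authorizationFailed     // passcode wrong, expired, or already used
}

func passwordlessLogin(
    username: String,
    method: OtpVerificationMethod,                    // assumed enum: email or SMS
    fetchReCaptchaToken: () async throws -> String,   // hypothetical helper
    promptForOtp: () async -> String                  // hypothetical helper (UI)
) async throws {
    let manager = SalesforceManager.shared.nativeLoginManager()

    // reCAPTCHA tokens are single-use, so fetch a new one for every
    // OTP request (including "resend code") instead of caching it.
    let token = try await fetchReCaptchaToken()

    // Step 1: ask the server to send the one-time password.
    let request = await manager.submitOtpRequest(
        username: username,
        reCaptchaToken: token,
        otpVerificationMethod: method)
    guard request.nativeLoginResult == .success else {
        throw PasswordlessLoginError.otpRequestFailed
    }
    // The identifier ties the passcode to this specific request; without it
    // the passcode cannot be submitted, so fail closed.
    guard let otpIdentifier = request.otpIdentifier else {
        throw PasswordlessLoginError.missingOtpIdentifier
    }

    // Step 2: submit the passcode together with the identifier from step 1.
    let otp = await promptForOtp()
    let result = await manager.submitPasswordlessAuthorizationRequest(
        otp: otp,
        otpIdentifier: otpIdentifier,
        otpVerificationMethod: method)
    guard result == .success else {
        // Show one generic failure message so the UI does not reveal
        // whether the username exists or the passcode was merely wrong.
        throw PasswordlessLoginError.authorizationFailed
    }
}
```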
For working examples of Headless Passwordless Login Flow on Mobile SDK, see the iOSNativeLoginTemplate or the AndroidNativeLoginTemplate on GitHub.