Native Passwordless Login

With the Headless Passwordless Login Flow, users can log in by entering their email address or phone number and verifying their identity with a one-time password (OTP). You control the front-end experience in your app. On the back end, your app calls the Headless Passwordless Login API via an Experience Cloud site to log in the user.

Before setting up the passwordless login flow, make sure these tasks are complete.

For public clients, we recommend that you always enable Require reCAPTCHA to access the Headless Passswordless Login API, which requires your app to include a reCAPTCHA token in your initial request to the API.

To learn more about setting up reCAPTCHA, see:

To enable the flow with Mobile SDK, add these properties to the useNativeLogin method call.

  • To fill in these fields, use the values from the Google Cloud project reCAPTCHA settings.
  • Only enterprise reCAPTCHA requires reCaptchaSiteKeyId and googleCloudProjectId.
  • When using non-enterprise reCAPTCHA, set reCaptchaSiteKeyId and googleCloudProjectId to nil, and set isReCaptchaEnterprise to false.

To request the password and initialize passwordless login with OTP, use this method.

After the OTP has been requested, the user is prompted to enter the passcode. Use this method to submit the passcode with the OTP identifier returned by submitOtpRequest in the previous task.

For working examples of Headless Passwordless Login Flow on Mobile SDK, see the iOSNativeLoginTemplate or the AndroidNativeLoginTemplate on GitHub.