2 replies

Clarification on Email OTP Auth Flows

Acro · 2025-04-06T22:41:28.221Z

I am not clear on the flows of the `Email OTP` auth flows. 1. `SignIn with OTP` - I have regular credentials setup. Seems like it replaces the `password` in credentials? And I would have only an `email` field with a button `Sign In with Passcode`? Or does this happen in addition to `password` kinda like two-factor auth without the `twoFactor` plugin. 2. `Verify Email` - self explanatory. Sent on Sign Up, user auto Signed In. Authenticated Form to input OTP and resend verification email button. 3. `Reset Password` - Is this for currently logged out user it seems? Reset password form with just `email` field. This email gets sent with the OTP and a link to your public password change password form: `otp`, `email`, `new password`, `confirm new password`? I'm generally familiar with reset links. But I think somewhere in OWASP, OTP are recommended. I guess I can opt out of any of these just by not providing the function. I don't know th use case of `SignIn with OTP` for instance.

I am not clear on the flows of the

Email OTP

Email OTP

auth flows.

1.

SignIn with OTP

SignIn with OTP

- I have regular credentials setup. Seems like it replaces the

password

password

in credentials? And I would have only an

email

email

field with a button

Sign In with Passcode

Sign In with Passcode

? Or does this happen in addition to

password

password

kinda like two-factor auth without the

twoFactor

twoFactor

plugin.
2.

Verify Email

Verify Email

- self explanatory. Sent on Sign Up, user auto Signed In. Authenticated Form to input OTP and resend verification email button.
3.

Reset Password

Reset Password

- Is this for currently logged out user it seems? Reset password form with just

email

email

field. This email gets sent with the OTP and a link to your public password change password form:

otp

otp

email

email

new password

new password

confirm new password

confirm new password

? I'm generally familiar with reset links. But I think somewhere in OWASP, OTP are recommended.

I guess I can opt out of any of these just by not providing the function. I don't know th use case of

SignIn with OTP

SignIn with OTP

for instance.

Better Auth•11mo ago•

2 replies

Acro

Clarification on Email OTP Auth Flows

I am not clear on the flows of the

Email OTP

Email OTP

auth flows.

1.

SignIn with OTP

SignIn with OTP

- I have regular credentials setup. Seems like it replaces the

password

password

in credentials? And I would have only an

email

email

field with a button

Sign In with Passcode

Sign In with Passcode

? Or does this happen in addition to

password

password

kinda like two-factor auth without the

twoFactor

twoFactor

plugin.
2.

Verify Email

Verify Email

- self explanatory. Sent on Sign Up, user auto Signed In. Authenticated Form to input OTP and resend verification email button.
3.

Reset Password

Reset Password

- Is this for currently logged out user it seems? Reset password form with just

email

email

field. This email gets sent with the OTP and a link to your public password change password form:

otp

otp

email

email

new password

new password

confirm new password

confirm new password

? I'm generally familiar with reset links. But I think somewhere in OWASP, OTP are recommended.

I guess I can opt out of any of these just by not providing the function. I don't know th use case of

SignIn with OTP

SignIn with OTP

for instance.

Clarification on Email OTP Auth Flows

Similar Threads

Clarification on Email OTP Auth Flows

Similar Threads

Similar Threads

Similar Threads