Better AuthBA
Better Auth9mo ago
Acro

Clarification on Email OTP Auth Flows

I am not clear on the flows of the Email OTP auth flows.

  1. SignIn with OTP
    • I have regular credentials setup. Seems like it replaces the password in credentials? And I would have only an email field with a button Sign In with Passcode? Or does this happen in addition to password kinda like two-factor auth without the twoFactor plugin.
  2. Verify Email
    • self explanatory. Sent on Sign Up, user auto Signed In. Authenticated Form to input OTP and resend verification email button.
  3. Reset Password
    • Is this for currently logged out user it seems? Reset password form with just email field. This email gets sent with the OTP and a link to your public password change password form: otp, email, new password, confirm new password? I'm generally familiar with reset links. But I think somewhere in OWASP, OTP are recommended.
I guess I can opt out of any of these just by not providing the function. I don't know th use case of SignIn with OTP for instance.
Was this page helpful?