Support Blog Demo

Fallback Authentication

Optional: Fallback authentication methods provide support for users that cannot or do not want to authenticate with passkeys.

One-Time Passcodes are the default fallback authentication method. However, Magic Links are also supported by Passage. One-Time Passcodes and Magic Links can be sent via email or phone. Passage highly recommends using One-Time Passcodes over Magic Links, they are easier to implement, more secure, and they provide a better user experience.

NOTE: You can disable fallbacks completely for your Passage app in Passage Console. This will cause each of the below methods to fail, but will force users to adopt passkeys.

One-Time Passcodes (OTP)

An OTP is a passcode that is sent to a user via email or SMS. While authenticating, a user will input the passcode to complete login or registration.

Send registration OTP to user

To create a new passcode for registration and send to users, call Passage.newRegisterOneTimePasscode() with a user's email address or phone number. A successful call will return a OTP id. The id will be used when you activate the OTP.

Passage.newRegisterOneTimePasscode(identifier);

Send login OTP to user

To create a new passcode for login and send to users, call Passage.newLoginOneTimePasscode() with a user's email address or phone number. A successful call will return a OTP id. The id will be used when you activate the OTP.

Passage.newLoginOneTimePasscode(identifier);

Activate OTP

When the user inputs their OTP into your app, you will send their OTP input string and OTP id through Passage.oneTimePasscodeActivate to validate.

 Passage.oneTimePasscodeActivate(otp, otpId!);

Magic Links

Magic Links are hyperlinks that are sent to a user via email or SMS. Clicking the link authenticates your users and redirects them to your app.

Send registration Magic Link to user

To create a new magic link for registration and send to users, call Passage.newRegisterMagicLink() with a user's email address or phone number. A successful call will return a Magic Link id. The id will be used when you Activate the Link and Check the Link Status.

Passage.newRegisterMagicLink(identifier);

Send log in Magic Link to user

To create a new magic link for login and send to users, call Passage.newLoginMagicLink() with a user's email address or phone number. A successful call will return a Magic Link id. The id will be used when you Activate the Link and Check the Link Status.

Passage.newLoginMagicLink(identifier);

Activate Magic Link in app (optional)

Prerequisite: Setup React Native Linking

When the user taps on the Magic Link url on their mobile device, you'll need to capture the url, parse out the Magic Link (it is in the psg_magic_link query parameter), and then pass that Magic Link string to Passage.magicLinkActivate()to validate.

Passage.magicLinkActivate(magicLink);

Check Magic Link Status

If the user opens the Magic Link on a different device or you have not setup React Native Linking, it is up to your web front end to handle and activate the Magic Link. In this case, you’ll need to continually check the status of the link in your app. Once the Magic Link has been activated by the web front end, Passage.getMagicLinkStatus() will return a PassageAuthResult and your user will be authenticated.

Passage.getMagicLinkStatus(magicLinkId!);

PreviousPasskey AuthenticationNextUser Management

Last updated

Change request #337: react native