I currently have three authentication methods set up for my main application: username/password (done through registration via management API), passwordless, and Google OAuth. I have my authentication profile set to Identifier First, which seems like the logical choice if I want users to either use a password or receive a one-time code/link. On the authentication profile screen, the infographic even says that identifier first could lead to either password or passwordless login. However, in practice, entering an email which is signed up as passwordless never routes the user to a one-time code workflow. Instead, it asks for a password. I can verify that the user’s connection is only ‘email’ and nothing else. Is there a reason that identifier-first doesn’t make the distinction between the two types of users? For my use case, the universal login becomes a lot less useful because I don’t know ahead of time whether or not a user going to the login page is signed up via passwordless or other methods. Is there a workaround to this that I can configure?
Hi @ampossardt,
There is no real way for the system to let you know ahead of time if you are going to use the email with a username/password connection or an email passwordless connection. If there is a database connection in place for your application, that one will always be the default. If no database connection has been setup but a passwordless connection has, then that one will be used. This is done for security reasons.
If you want to use both, you’ll have to create two /authorize endpoints, each with the connection that you want to use. Otherwise, you’ll have to choose to only use one.
If you have any other question feel free to reach out.
Have a good one,
Vlad