Auth0 Home Blog Docs

Can i log an user with only an email the first time

user-creation
passwordless
email

#1

Hi,
Is it possible to log an user with only an email the very first time with passwordless ?
Then the other times if an user try to log with this email a code send by email will be ask. But not the first time.
Can we do that with Auth0 ? Is it secure ?

Thanks


#2

This is not supported, and not recommended. Without proper authentication, you cannot determine whether the user is using his/her actual email address - malicious users can “sign up” multiple times using other people’s email addresses.

Our recommendation would be to use the full passwordless connection, where the user needs to receive a code/magic link to authenticate.


#3

Thanks Prashant. I understand but actually a malicious user can also signup multiple time with email and password if we don’t ask for an email validation right ?


#4

For this case, we have the Force Email Verification rule: https://auth0.com/rules/email-verified


#5