Dear Auth0 Team,
I am currently evaluating the passwordless authentication option and have encountered some questions regarding the implementation process. On Google and ChatGPT, answers vary widely on my topic, so I’m looking forward to your expert advice.
My primary concern relates to the sign-up flow requirement. While I notice there is an option to “Disable Sign-ups” in the configuration (I want to get rid of this flow in the UX), my testing in the ACC environment has revealed some unexpected behavior:
- When entering a new email address, there is no system response
- No OTP is sent to the email address
- Users receive no notification that their account doesn’t exist
From a user experience perspective, I would expect the system to:
- Send an OTP regardless of account existing or not
- Automatically create the account in the background upon successful OTP verification
However, this doesn’t appear to be the current behavior. Could you please clarify:
- Are sign-ups still mandatory for passwordless authentication?
- If so, what are the key advantages of this approach from a user perspective?
- What is the recommended implementation strategy for passwordless authentication?
I appreciate your guidance on this matter.
Best regards,
Robert
/Update
Wow. I just discovered that perhaps the account is created automatically in the background, once I enabled the sign-ups, even though the user didn’t go through the new account creation flow that I just enabled. Is this how it should be implemented? Why is this extra flow there, if it’s possible to create user accounts without going through it? Security reasons?