Email OTP Verification - Expiry and Max Retries

auth0.knowledge2 · January 3, 2025, 6:43pm

Overview

The Email One-Time Passcode (OTP) Verification is configured as per this screenshot:

This article explains how long the OTP is valid and how many failed retries are allowed.

Applies To

Email One-Time Passcode (OTP) Verification

Solution

The expiry period is 15 mins and is currently non-configurable.

This endpoint does not currently have a max retries threshold, but users are more likely to come across a rate limit on the following endpoint, which is 5 requests per minute per IP on a production tenant:

/u/email-identifier/challenge

Topic		Replies	Views
What is expiry and attemp-failed of "Generate one-time password"'s action in flows? Help community-topic , other	8	40	January 13, 2025
Email OTP code submission through proxy, "You've reached the maximum number of attempts. Please try to login again" Help auth0	7	5337	May 6, 2024
"Wrong email or verification code" randomly for a increasing amount of users Help	4	1897	December 21, 2022
Changing the expiry time of a passwordless email link Help passwordless-email	0	3969	September 12, 2019
Email verfication flow to resend the same verification code Help email-verification	2	3736	January 17, 2023

Email OTP Verification - Expiry and Max Retries

Overview

Applies To

Solution

Related topics