What you describe is multi-factor authentication and not so much related to having a specific requirement for the format of a username. In addition, passwordless authentication is also a different thing because although it provides an option where it involves phones and SMS it would still be just one factor.
If you really need the user to provide two factors (username/password credentials and code delivered through SMS) in order to complete authentication then you should take a look at the reference documentation for multi-factor; have in mind that SMS is supported only for Auth0 Guardian.