Mobile Native SMS or Email Authorization

Hello there,

I have been reading the documentation regarding the passwordless authentication using SMS or Email, and I would be interested on using it to protect some endpoints of my backend API.

My users will use a mobile native application, and the will login and signup using their credentials. For example, I will have two endpoints like:
/onboarding (sign up)
/reboarding (login)

Since these endpoints will receive the password of the user, I would like to protect them better having authorised the user through email or SMS in advance. This way, my idea of how the flow should work is like:

Signup flow:

  • User types their email in the app.
  • An email is set to the user with a code.
  • The user types the received code in the app.
  • The user receives an auth token that allow them to only use the /onboarding endpoint.
  • The user can signup using the auth token and their credentials.
  • The server will implement: for further providing authorization to other endpoints/resources.

For the sms or email code I looked at:
but it looks that it is deprecated. Is there still any way of using this flow natively (with custom UI), from a mobile application (REST interface)?

Thank you.