Password flows restart the flow and refresh the screen when OTP input

Problem statement

Users cannot log in to the App because they cannot input the OTP.


The users change windows in their mobile devices to copy the OTP, and when they come back the screen goes back to passwordless login email/SMS input.

Steps to reproduce

  • login with the Passwordless connection in a mobile app
  • Change windows to copy the OTP from other apps (SMS or Email)
  • Go back to input the OTP and check if the screen went back to login


Our mobile SDKs only keep the auth transaction state in memory (it’s not persisted). So if the mobile OS kills the App while the user goes to copy the OTP code, the auth process will have to be started again. Once the login transaction completes successfully, then cookies get set. But not before.


We’d suggest that you watch out for memory warnings from the OS to release all the memory you can to avoid the App getting killed.