I have a custom login page that currently uses the API to send an e-mail or SMS to the client that requires the client to click a link to connect to my application.
I would like to know if there is a way to bypass the e-mail or SMS requirement and connect directly to my application from the custom login page. My application can interactively validate client information for security.
I still want Auth0 as the front end for user tracking etc. and would rather not have to drop Auth0 and handle my own IDP.
Hey there @symladmin! I would love to get more information from you on your ideal workflow and how Auth0 can help. I want to make sure we give you the ideal approach. Thanks!
What I would like to do is capture the link information with the token that gets sent in the e-mail from the custom Auth0 landing page and connect directly to that link without the e-mail step. The client would connect directly to my application once they enter their e-mail address or SMS information and click send.
Basically I want to change the send button to connect …
For new clients I capture some basic information and save it on the back end.
For re-visits, I can require verification of a piece of personal information on a revisit. Revisits are rare because this is a mortgage application and it gathers what is required right away.
FYI … there is no access to any personal or confidential information by the client in our application. The application is used strictly to ingest client information in a question and answer session so security is not a huge concern.
I wanted to follow up with you @symladmin, there is no way ideal way to bypass Auth0 authentication to your applicaiton. Passwordless wouldn’t be the solution you would want to implement here. You could try using the username and password with Auth0 lock, that way you don’t have to bypass Auth0 as your users would already be in place.
This would give you a level of security and the ability to track your users. Please let me know if you have any additional questions!
The point was users do not want to have pass words. We tried that route and it was not acceptable to our client base.
With a lack of utilizing Auth0 for the authentication of your application it’s hard to see a secure solution that we could recommend in this use case. Thank you for understanding.