Actions
Passwordless login
Learn how to implement passwordless authentication flows using Authsignal actions.
Actions can be used to implement passwordless authentication, where Authsignal serves as the primary authentication method instead of traditional passwords. This approach eliminates password-related security risks while providing a smooth user experience.
Passwordless login flow
In a passwordless flow, you track an action to initiate the authentication challenge directly, without validating a password first:
Implementation
- Look up the user by their identifier (email, username) in your database or external identity provider
- Track the authentication action for the identified user:
-
Handle the response based on the action state:
- If
CHALLENGE_REQUIRED
: Present the authentication challenge - If
ALLOW
: Complete the login (user may have been auto-authenticated) - If
BLOCK
: Deny access - If
REVIEW
: Review the challenge
- If
-
Follow the standard integration steps covered in actions getting started to launch the challenge URL and validate the result
Combining passwordless with rules
You can combine rules with actions to create passwordless flows:
Progressive authentication
- Low risk: Email magic link
- Medium risk: Email OTP or SMS
- High risk: Passkey authentication
Context-aware authentication
- Known devices: Auto-allow or simple OTP
- New devices: Require passkey or stronger authentication
- Suspicious activity: Block or require multiple factors