Actions

When using Web SDK methods for email OTP, SMS OTP, WhatsApp OTP, or authenticator app, you must first track an action using a Server SDK to generate a short-lived token. This token is valid for 10 minutes by default and authorizes a window in which Web SDK methods can be used to authenticate the user associated with the token.

const request = {
  userId: "dc58c6dc-a1fd-4a4f-8e2f-846636dd4833",
  action: "signIn",
};

const response = await authsignal.track(request);

const token = response.token;

For enrollment flows, you must also specify the scope add:authenticators when tracking the action if the user already has an existing authenticator. For more detail refer to our guide on how to ensure a strong binding when adding authenticators.

Then you can use the SDK’s setToken method. You must use the same token for the initial enroll/challenge call and the subsequent verify call.

authsignal.setToken("eyJhbGciOiJ...");

// Send the user an email OTP code
// You can call this multiple times via a 'resend' button
await authsignal.email.challenge();

// Verify the inputted code matches the original code
const response = await authsignal.email.verify({ code: "123456" });

Launching the pre-built UIUse the Authsignal Web SDK to launch the pre-built UI.

⌘I

Server

Client

Call Connect

Server

Client

Call Connect

Documentation Index