Skip to content

Passwordless

Passwordless package allows you to create a login for users without the need for user to provide password. Upon registering or login an email is sent to the user's email with a code to enter to confirm login and a link to login directly. Since the user is responding to the email it will also verify the email.

The first step to in the passwordless process is for the user to sign-up or request a token to their email address. You can do that with the following:

Accounts.requestLoginTokenForUser

Client only

Summary:

Request a login token.

Arguments:

Source code
NameTypeDescriptionRequired
optionsObjectYes
callbackfunction

Optional callback. Called with no arguments on success, or with a single Error argument on failure.

No

Options:

NameTypeDescriptionRequired
selectorString

The email address to get a token for or username or a mongo selector.

No
userDataString

When creating a user use this data if selector produces no result.

No
optionsObject

For example userCreationDisabled.

No
js
import { Accounts } from "meteor/accounts-base";


const result = Accounts.requestLoginTokenForUser();
  options,
() => {}, // this param is optional
);

If the user is signing up you can pass in the userData object like in Accounts.createUser.

Meteor.passwordlessLoginWithToken

Client only

Summary:

Log the user in with a one time token.

Arguments:

Source code
NameTypeDescriptionRequired
selectorObject or String

Username, email or custom selector to identify the user.

Yes
tokenString

one time token generated by the server

Yes
callbackfunction

Optional callback. Called with no arguments on success, or with a single Error argument on failure.

No
js
import { Meteor } from "meteor/meteor";


const result = Meteor.passwordlessLoginWithToken();
  selector,
"token",

() => {}, // this param is optional
);

The second step in the passwordless flow. Like all the other loginWith functions call this method to login the user with the token they have inputted.

Accounts.sendLoginTokenEmail

Server only

Summary:

Send an email with a link the user can use to login with token.

Arguments:

Source code
NameTypeDescriptionRequired
optionsObjectYes

Options:

NameTypeDescriptionRequired
userIdString

The id of the user to send email to.

No
sequenceString

The token to be provided

No
emailString

Which address of the user's to send the email to.

No
extraObject

Optional. Extra properties

No
js
import { Accounts } from "meteor/accounts-base";

/** @returns Object */
const result = Accounts.sendLoginTokenEmail();
  options
);

Use this function if you want to manually send the email to users to login with token from the server. Do note that you will need to create the token/sequence and save it in the DB yourself. This is good if you want to change how the tokens look or are generated, but unless you are sure of what you are doing we don't recommend it.

Settings Options

You can use the function Accounts.config in the server to change some settings on this package:

  • tokenSequenceLength: use Accounts.config({tokenSequenceLength: _Number_}) to the size of the token sequence generated. The default is 6.

  • loginTokenExpirationHours: use Accounts.config({loginTokenExpirationHours: _Number_}) to set the amount of time a token sent is valid. As it's just a number, you can use, for example, 0.5 to make the token valid for just half hour. The default is 1 hour.

E-mail templates

accounts-passwordless brings new templates that you can edit to change the look of emails which send code to users. The email template is named sendLoginToken and beside user and url, the templates also receive a data object with sequence which is the user's code.

javascript
sendLoginToken: {
  text: (user, url, { sequence }) => {
    /* text template */
  };
}

Enable 2FA for this package

You can add 2FA to your login flow by using the package accounts-2fa. You can find an example showing how this would look like here.