accounts-passwordless

Documentation of Meteor's `accounts-passwordless` package.

Passwordless package allows you to create a login for users without the need for user to provide password. Upon registering or login an email is sent to the user’s email with a code to enter to confirm login and a link to login directly. Since the user is responding to the email it will also verify the email.

The first step to in the passwordless process is for the user to sign-up or request a token to their email address. You can do that with the following:

Request a login token.

Arguments

callback Function

Optional callback. Called with no arguments on success, or with a single Error argument on failure.

Options

selector String

The email address to get a token for or username or a mongo selector.

userData String

When creating a user use this data if selector produces no result.

options Object

For example userCreationDisabled.

If the user is signing up you can pass in the userData object like in Accounts.createUser.

Log the user in with a one time token.

Arguments

selector Object or String

Username, email or custom selector to identify the user.

token String

one time token generated by the server

callback Function

Optional callback. Called with no arguments on success, or with a single Error argument on failure.

The second step in the passwordless flow. Like all the other loginWith functions call this method to login the user with the token they have inputted.

Send an email with a link the user can use to login with token.

Options

userId String

The id of the user to send email to.

sequence String

The token to be provided

email String

Which address of the user's to send the email to.

extra Object

Optional. Extra properties

Use this function if you want to manually send the email to users to login with token from the server. Do note that you will need to create the token/sequence and save it in the DB yourself. This is good if you want to change how the tokens look or are generated, but unless you are sure of what you are doing we don’t recommend it.

Settings Options

You can use the function Accounts.config in the server to change some settings on this package:

  • tokenSequenceLength: use Accounts.config({tokenSequenceLength: _Number_}) to the size of the token sequence generated. The default is 6.

  • loginTokenExpirationHours: use Accounts.config({loginTokenExpirationHours: _Number_}) to set the amount of time a token sent is valid. As it’s just a number, you can use, for example, 0.5 to make the token valid for just half hour. The default is 1 hour.

E-mail templates

accounts-passwordless brings new templates that you can edit to change the look of emails which send code to users. The email template is named sendLoginToken and beside user and url, the templates also receive a data object with sequence which is the user’s code.

sendLoginToken: {
  text: (user, url, { sequence }) => { /* text template */ }
}

Enable 2FA for this package

You can add 2FA to your login flow by using the package accounts-2fa. You can find an example showing how this would look like here.

Edit on GitHub
// search box