You can allow end-users to register and login to your site, through Zephr, without entering a password.
This process uses email verification to authenticate the end user, and is called Passwordless Authentication.
The passwordless authentication process is as follows:
- An end user logs into your site and enters their email address
- An email containing an access link is sent to the end user
- The end user selects the access link in the email
- The link redirects the end user to your website and logs them in
The tokens generated for this access link can only be used once. If an end user tries to use the link again, an error displays and Zephr does not log them in.
You can define the length of time for which a token is valid in the Authentication configuration. If an end user selects the link after this time, the token is invalid and they are not be logged in. In this case, the end user must complete the process again. For further information on setting the timeout period for the verification link sent to the end user, see the Authentication topic.
You can configure passwordless authentication as described in the Allow Partial Registration topic.