Skip to content

feat(auth): add passwordless email otp routes #20028

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Draft
StaberindeZA wants to merge 1 commit into
base: main
Choose a base branch
from
Draft

feat(auth): add passwordless email otp routes #20028

StaberindeZA wants to merge 1 commit into from

Conversation

@StaberindeZA
Copy link
Contributor

@StaberindeZA StaberindeZA commented Feb 10, 2026

Because

  • Add necessary backend changes to enable passwordless signup and signin with email OTP.

This pull request

  • Adds PasswordlessHandler route handler
  • Adds passworldess send/resend/confirm routes
  • Adds tests for PasswordlessHandler

Issue that this pull request solves

Closes: # FXA-13014

Checklist

Put an x in the boxes that apply

  • My commit is GPG signed.
  • If applicable, I have modified or added tests which pass locally.
  • I have added necessary documentation (if appropriate).
  • I have verified that my changes render correctly in RTL (if appropriate).

Screenshots (Optional)

Please attach the screenshots of the changes made in case of change in user interface.

Other information (Optional)

Any other information that is important to this pull request.

@StaberindeZA
feat(auth): add passwordless email otp routes
47316ef 
Because:

- Add necessary backend changes to enable passwordless signup and
  signin with email OTP.

This commit:

- Adds PasswordlessHandler route handler
- Adds passworldess send/resend/confirm routes
- Adds tests for PasswordlessHandler

Closes #FXA-13014
vbudhram
vbudhram reviewed Feb 11, 2026
View reviewed changes
Copy link
Contributor

@vbudhram vbudhram left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Just did a first pass mostly nits

packages/fxa-auth-server/lib/routes/passwordless.ts
authSalt,
clientSalt: undefined,
verifierVersion: this.config.verifierVersion,
verifyHash: Buffer.alloc(32).toString('hex'),
Copy link
Contributor

@vbudhram vbudhram Feb 11, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Not for this PR, but we do this in alot of places but might make sense to store a random value instead of 0s.

packages/fxa-auth-server/lib/routes/passwordless.ts

constructor(
private log: AuthLogger,
private db: any,
Copy link
Contributor

@vbudhram vbudhram Feb 11, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We have been moving towarding away from any types. These types should be defined in other routes so can use them.

packages/fxa-auth-server/test/local/routes/passwordless.js
}).then(assertions);
}

describe('/account/passwordless/send_code', () => {
Copy link
Contributor

@vbudhram vbudhram Feb 11, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We will probably want to add some tests for the account.ts changes as well. Verify the passwordlessSupported is returned.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@vbudhram vbudhram vbudhram left review comments

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@StaberindeZA @vbudhram