Create Secure Way to Log Passwordless User In

mjrudin · January 6, 2022, 9:54pm

Today Bubble limits user objects to use emails as the primary authentication method.

This is outdated, as top apps like Facebook/Instagram/TikTok/Twitter all use Phone Number as the primary authentication method and use one-time SMS codes to log people in.

Right now, Bubble doesn’t natively support letting a developer build a workflow for a user to signup with phone number (assigned a random password they never see) and then log them in later on after they successfully confirm their one-time SMS code.

The work around is to assign a temporary password to the user and then call the “log the user in” workflow using the result of the temporary password action, but that doesn’t seem very secure since it requires doing things in the frontend and also making the user email field searchable by logged out users (since the “Assign Temp Password” workflow takes in a user, not an email address).

Other ideas?

progressier · January 7, 2022, 9:43am

I haven’t tested them personally, but there are Bubble plugins for passwordless authentication. Check this one and this one.

I wouldn’t exactly call email authentication “outdated” though. This is still by far the most common authentication method on the Internet.

lantzgould · January 7, 2022, 2:57pm

Check out Auth0

deepayan · February 21, 2022, 12:29pm

You can try Secqure Passwordless Authentication for Bubble. Its easy to integrate with Email magic link/OTP and also provide global SMS OTP capabilities.

gaimed · February 21, 2022, 1:39pm

I build it using bubble. Very easy!

harab.business · February 23, 2022, 5:06pm

Hi,
Can you help me with creating the SMS OTP verification login please?

secqure · February 26, 2022, 6:08am

hey, you can check our bubble document https://docs.secuuth.io/no-codes/bubble
The Authentication mode (Magic Link or OTP) you can setup in secqure dashboard.
I can able to help you in this in secure passwordless login forum.