Customize the one-time password
Configure OTP by changing the format or by modifying the token duration
Change the OTP format
By default, the generated OTP is 6 digits long and numeric only. You can change it to any length and any character set by providing the getCustomUserInputCode function.
import SuperTokens from "supertokens-node";
import Passwordless from "supertokens-node/recipe/passwordless";

SuperTokens.init({
    appInfo: {
        apiDomain: "...",
        appName: "...",
        websiteDomain: "..."
    },
    recipeList: [
        Passwordless.init({
            contactMethod: "EMAIL", // This example will work with any contactMethod
            // This example works with the "USER_INPUT_CODE_AND_MAGIC_LINK" and "USER_INPUT_CODE" flows.
            flowType: "USER_INPUT_CODE_AND_MAGIC_LINK",
            getCustomUserInputCode: async (userCtx) => {
                // TODO: generate and return your custom OTP here.
                // The fixed string below is only a placeholder.
                return "123abcd";
            },
        })
    ]
});
Limit OTP retries
You can change how many times a user can attempt to enter an OTP before they have to enter their email / phone number again (thereby forcing the generation of a new OTP). By default, this value is 5 attempts, and you can modify it by changing the passwordless_max_code_input_attempts core configuration:
docker run \
    -p 3567:3567 \
    -e PASSWORDLESS_MAX_CODE_INPUT_ATTEMPTS=3 \
    -d registry.supertokens.io/supertokens/supertokens-<db name>
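The OTP format and the retry limit together determine how likely a code is to be guessed before it is invalidated. The following is an added example, not SuperTokens code: generateOtp, guessProbability, the alphabet and the length are hypothetical choices, and the wiring comment assumes the Passwordless.init configuration shown above.

```javascript
// Added example (not SuperTokens code); all names here are hypothetical.
const { randomInt } = require("node:crypto");

// Assumed alphabet: digits and uppercase letters without look-alikes (0/O, 1/I/L).
const OTP_ALPHABET = "23456789ABCDEFGHJKMNPQRSTUVWXYZ";
const OTP_LENGTH = 8;

// Build the code one character at a time with crypto.randomInt, which draws
// uniformly from [0, n) using the CSPRNG. Math.random() is not suitable here.
function generateOtp(length = OTP_LENGTH, alphabet = OTP_ALPHABET) {
  if (!Number.isInteger(length) || length < 1) {
    throw new RangeError("length must be a positive integer");
  }
  if (alphabet.length < 2 || new Set(alphabet).size !== alphabet.length) {
    throw new RangeError("alphabet needs at least 2 distinct characters");
  }
  let code = "";
  for (let i = 0; i < length; i++) {
    code += alphabet[randomInt(alphabet.length)];
  }
  return code;
}

// Chance of guessing one uniformly random OTP within maxAttempts distinct
// guesses, i.e. before the attempt limit forces a new code.
function guessProbability(length, alphabetSize, maxAttempts) {
  const space = Math.pow(alphabetSize, length);
  return Math.min(1, maxAttempts / space);
}

// Wiring, assuming the Passwordless.init config shown on this page:
//   getCustomUserInputCode: async (userCtx) => generateOtp(),

// Default format (6 digits) with the default 5 attempts: 5 in 1,000,000.
// guessProbability(6, 10, 5)
// Custom format above (8 chars, 31 symbols) with 3 attempts: about 3.5e-12.
// guessProbability(OTP_LENGTH, OTP_ALPHABET.length, 3)
```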
Change the OTP lifetime
You can change how long a user can use an OTP or a Magic Link to log in by changing the passwordless_code_lifetime core configuration value. This value defaults to 900000 milliseconds (15 minutes).
Each new OTP / magic link generated, either by opening a new browser or by clicking on the "Resend" button, has a lifetime per the passwordless_code_lifetime setting.
docker run \
    -p 3567:3567 \
    -e PASSWORDLESS_CODE_LIFETIME=60000 \
    -d registry.supertokens.io/supertokens/supertokens-<db name>