Limiting OTP retries

You can change how many times a user can attempt to enter an OTP before they have to enter their email / phone number again (thereby force generating a new OTP). By default, this is set to 5 attempts, and can be modified by changing the passwordless_max_code_input_attempts core config:

With Docker
Without Docker
Managed service

docker run \
  -p 3567:3567 \
  -e PASSWORDLESS_MAX_CODE_INPUT_ATTEMPTS=3 \
  -d registry.supertokens.io/supertokens/supertokens-<db name>

# You need to add the following to the config.yaml file.
# The file path can be found by running the "supertokens --help" command

passwordless_max_code_input_attempts: 3

Navigate to your SuperTokens managed service dashboard, and click on the Edit Configuration button.
In there, change the values of the following fields, and click on save.

passwordless_max_code_input_attempts: 3

Auth Methods

Add ons

Limiting OTP retries