Request a one-time password for a database connection user identified by email.
Calls POST /otp/challenge and returns an opaque authSession token. The challenge
always returns successfully regardless of whether the user exists
(user-enumeration prevention). If the user does not exist and allowSignup is
false, or if the user is blocked, the returned authSession will be non-functional
and loginWithOtp will fail with invalid_request.
A successful response does not guarantee an OTP was delivered.
Database connection name, email address, and optional signup flag.
Request a one-time password for a database connection user identified by phone number.
Same 200-always contract as challengeWithEmail.
Database connection name, phone number, optional delivery method, and signup flag.
Exchange an authSession and user-entered OTP for tokens and establish a session.
Throws PasswordlessDbGetTokenError with error: "invalid_request" if the
authSession was non-functional (blocked user, signup disabled for a non-existent
user, wrong OTP, or expired session).
The authSession from a prior challenge call and the user's OTP.
Starts a passwordless authentication flow by sending an OTP or magic link to the user's email address or phone number.
For magic link (send: 'link') in App Router, the transaction cookie is
written via next/headers automatically. In Pages Router, pass explicit
req and res so the cookie can be set on the response.
Connection type and user identifier.
Verifies the OTP entered by the user and establishes an authenticated session.
Connection type, user identifier, and OTP code.
Public interface for the passwordless client. Accessible via
auth0.passwordlessafter initialization.