Add SMS-based passwordless login
A plugin for implementing passwordless authentication in Medusa
This plugin requires:
```bash
npm install @devx-commerce/passwordless
```

```js
{
  resolve: "@medusajs/medusa/auth",
  options: {
    providers: [
      {
        resolve: `@devx-commerce/passwordless/providers/passwordless`,
        id: "passwordless",
        options: {
          // JWT secret for token generation ("secret" is a placeholder;
          // use a long random value kept outside source control)
          jwtSecret: "secret",

          limeChatOptions: {
            webhookUrl: process.env.LIMECHAT_WEBHOOK_URL,
            typeId: process.env.LIMECHAT_TYPE_ID,
          },

          // Optional configuration
          codeLength: 6, // Length of verification code (default: 4)
          codeExpiryMinutes: 10, // Code expiration time in minutes (default: 15)
          maxAttempts: 5, // Maximum verification attempts (default: 3)
          smsRateLimitMinutes: 5, // Time between SMS requests in minutes (default: 10)
          blockDurationMinutes: 10, // Block duration after max attempts in minutes (default: 5)
        }
      }
    ]
  }
}
```

Authentication Flow:
Security Features:
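One way the optional limits in the configuration above (`codeLength`, `codeExpiryMinutes`, `maxAttempts`, `smsRateLimitMinutes`, `blockDurationMinutes`) can be enforced on the server, shown as an added example that is not the plugin's own code. The `OtpLimiter` class, its method names and its reason strings are hypothetical, and state is held in memory only.

```javascript
const { randomInt, timingSafeEqual } = require("node:crypto");

// Defaults as stated in the comments of the plugin configuration above.
const DEFAULTS = { codeLength: 4, codeExpiryMinutes: 15, maxAttempts: 3,
                   smsRateLimitMinutes: 10, blockDurationMinutes: 5 };
const MIN = 60_000; // milliseconds per minute

// Hypothetical in-memory limiter; a real deployment needs shared, persistent state.
class OtpLimiter {
  constructor(options = {}, now = Date.now) {
    this.opt = { ...DEFAULTS, ...options };
    this.now = now;           // injectable clock so the limits can be tested
    this.byPhone = new Map(); // phone -> { code, sentAt, attempts, blockedUntil }
  }

  // Issue a new code unless the number is blocked or asked again too soon.
  request(phone) {
    const t = this.now(), s = this.byPhone.get(phone);
    if (s && t < s.blockedUntil) return { ok: false, reason: "blocked" };
    if (s && t - s.sentAt < this.opt.smsRateLimitMinutes * MIN)
      return { ok: false, reason: "rate_limited" };
    // CSPRNG draw, zero-padded so every code has exactly codeLength digits.
    const code = String(randomInt(0, 10 ** this.opt.codeLength))
      .padStart(this.opt.codeLength, "0");
    this.byPhone.set(phone, { code, sentAt: t, attempts: 0, blockedUntil: 0 });
    return { ok: true, code }; // returned for the demo; in production it only goes out by SMS
  }

  // Check a submitted code, counting every attempt against maxAttempts.
  verify(phone, guess) {
    const t = this.now(), s = this.byPhone.get(phone);
    if (!s) return { ok: false, reason: "no_code" };
    if (t < s.blockedUntil) return { ok: false, reason: "blocked" };
    if (s.code === null) return { ok: false, reason: "no_code" };
    if (t - s.sentAt > this.opt.codeExpiryMinutes * MIN) {
      s.code = null;
      return { ok: false, reason: "expired" };
    }
    s.attempts += 1;
    const a = Buffer.from(String(guess)), b = Buffer.from(s.code);
    if (a.length === b.length && timingSafeEqual(a, b)) {
      s.code = null; // single use; sentAt is kept so the SMS rate limit still applies
      return { ok: true };
    }
    if (s.attempts < this.opt.maxAttempts) return { ok: false, reason: "invalid_code" };
    s.code = null; // burn the code and lock the number for blockDurationMinutes
    s.blockedUntil = t + this.opt.blockDurationMinutes * MIN;
    return { ok: false, reason: "blocked" };
  }
}
```

With a 4-digit code and 3 attempts, a blind guesser succeeds with probability 3/10,000 per issued code, which is why the attempt limit and block duration matter as much as the code length.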
The plugin provides two main endpoints:
```
POST /auth/customer/passwordless
{
  "phone": "+1234567890"
}
```

```
POST /auth/customer/passwordless/callback
{
  "phone": "+1234567890",
  "code": "1234"
}
```

Phone numbers must be in E.164 format:
The plugin provides clear error messages for various scenarios: