Magic Auth
Maximize user experience and security with passwordless authentication.
Magic Auth is a passwordless authentication method that allows users to sign in or sign up via a unique, six digit one-time-use code sent to their email inbox.
AuthKit will make the necessary API calls to issue one-time-use codes via email and provide input verification and authentication automatically. If desired, you can send these emails yourself.
Important: Emails will not be sent from the production environment until you have configured a domain. See the Custom Domains guide for more information on how to configure this.
Magic Auth can be enabled in the Authentication section of the WorkOS dashboard. Users will then be able to sign in or sign up via Magic Auth on the AuthKit authentication page.
One-time-use codes expire after 10 minutes.
If you’d prefer to build and manage your own authentication UI, you can do so via the User Management Magic Auth API.
Examples of building custom UI are also available on GitHub.