One-time Password (OTP)
Customize your OTP authentication flow from the Descope console (Settings > Authentication Methods > One-time Password).
A one-time password (OTP) is an automatically generated string sent to the user during the onboarding (sign-up or sign-in) process to authenticate that user. The OTP can be sent to an email address, as a phone voice message, or to a mobile phone as an SMS (text message).
A typical method for implementing OTP has two sets of functionality you need to program: user interaction and session verification.
Settings Summary
All Settings
Variables are displayed below and in the console as {{variable_name}}.
Setting | Variable | Details |
---|---|---|
Enable method in API and SDK | | This toggle switch enables or disables the authentication method for use within the API and SDK |
Domain | {{domain}} | URL domain used in email or text message sent to the end user |
Expiration time | {{expirationTime}} | Length of time after which link or code expires |
Number of retries and Attempts timeframe (seconds) | | Limit the number of communication attempts (email, text, or voice) a recipient can receive within the defined timeframe. If the limit is exceeded, no further messages will be sent until the timeframe resets. |
Connector (Per Type) | | The configured connector used to send the OTP code (see below for connector details). The default is Descope. |
Template (Per Type) | | If you are using a customized connector, you can change the template of the email/SMS which your user will receive. The default is System. |
Additional Details
This section describes additional details about the configuration options available.
Expiration Time
For increased security, we recommend an expiration time of 3-5 minutes. A shorter expiration time limits how long a malicious actor has to attempt an attack (such as a dictionary or brute force attack) on the code or link.
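A minimal in-memory model of how the Expiration time and Number of retries / Attempts timeframe settings behave, added here as an illustration; it is not Descope's implementation. The class name `OtpStore`, the 6-digit code length and the fixed-window counter are assumptions.

```python
import hashlib
import hmac
import secrets
import time


class OtpStore:
    """In-memory model of two settings: code expiration and send throttling."""

    def __init__(self, expiration_s=180, max_sends=3, timeframe_s=60, clock=time.monotonic):
        self.expiration_s = expiration_s  # "Expiration time" (3 minutes here)
        self.max_sends = max_sends        # "Number of retries"
        self.timeframe_s = timeframe_s    # "Attempts timeframe (seconds)"
        self.clock = clock                # injectable so behaviour can be tested
        self._window = {}                 # recipient -> (window_start, sends_in_window)
        self._pending = {}                # recipient -> (sha256(code), expires_at)

    def send(self, recipient):
        """Return a fresh code, or None when the send limit is exceeded."""
        now = self.clock()
        start, count = self._window.get(recipient, (now, 0))
        if now - start >= self.timeframe_s:  # timeframe elapsed: counter resets
            start, count = now, 0
        if count >= self.max_sends:
            return None                      # no further messages until the reset
        self._window[recipient] = (start, count + 1)
        code = f"{secrets.randbelow(10**6):06d}"  # CSPRNG; 6 digits is an assumption
        digest = hashlib.sha256(code.encode()).digest()
        # A new code replaces any earlier pending code for this recipient.
        self._pending[recipient] = (digest, now + self.expiration_s)
        return code  # a real system passes this to the messaging connector

    def verify(self, recipient, code):
        """Accept a code once, and only before it expires."""
        entry = self._pending.get(recipient)
        if entry is None:
            return False
        digest, expires_at = entry
        if self.clock() >= expires_at:
            del self._pending[recipient]     # expired codes are discarded
            return False
        candidate = hashlib.sha256(code.encode()).digest()
        if not hmac.compare_digest(digest, candidate):  # constant-time compare
            return False
        del self._pending[recipient]         # one-time: a second use fails
        return True
```

This model throttles only outgoing messages, as the setting above describes; it does not cap the number of wrong guesses against a pending code.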
Connectors
A full list of messaging-related connectors can be found on our Connector Guide page.
Email Connectors
Descope supports sending email OTP messages using your email messaging provider, such as AWS SES, SendGrid, or a generic SMTP service. You can configure an email messaging connector by going to the connectors page within the Descope console and searching for the supported email messaging connectors. Then, on the OTP authentication method page, you can select the configured connector and customize the template if you would like.
Text Message (SMS) Connectors
Descope supports sending text messages using your text messaging provider, such as Twilio or Amazon SNS. You can configure a text messaging connector by going to the connectors page within the Descope console and searching for the supported text messaging connectors. Then, on the OTP authentication method page, you can select the configured connector and customize the template if you would like.
Voice Message Connectors
Descope supports sending voice OTP messages using your voice messaging provider, such as Twilio. You can configure a voice messaging connector by going to the connectors page within the Descope console and searching for the supported voice messaging connectors. Then, on the OTP authentication method page, you can select the configured connector and customize the template if you would like.