Use case: Passwordless Authentication Workflow

Goal: The user wants to access the Customer Application/Service using passwordless authentication, eliminating the need to enter a traditional password.

Actors:

User (End User of the Customer Application/Service)

Main Flow:

  • The user accesses the Sign-In User Interface (UI) of the Customer Application/Service.
  • The user enters their registered email address and submits the form.
  • The Customer Application generates a unique token and sends it to the user's email address.
  • The user receives the token in their email inbox.
  • The user copies the received token from their email client.
  • The user returns to the Sign-In UI and pastes the copied token into the provided field.
  • The Customer Application verifies the token's validity.
  • Upon successful token verification, the user gains access to the Customer Application/Service.

Alternate Flows:

  • If the email address provided by the user is not registered, the Customer Application informs the user that the email address is not associated with any account and prompts them to use a registered email address.

Preconditions:

  • The user must have a registered account in the Customer Application.
  • The user's email address must be verified and associated with their account.

Postconditions:

  • The user gains access to the Customer Application/Service without entering a traditional password.

Exceptions:

  • Network connection errors between the user's device and the Customer Application.
  • The email containing the token is not delivered due to email server issues.
  • The token has expired by the time the user tries to use it.

Trigger:

  • The user initiates the process by accessing the Sign-In UI and requesting passwordless authentication.

This use case describes the interaction between the user and the passwordless authentication system during the process of accessing the Customer Application/Service. Passwordless authentication provides a more convenient and secure way for users to log in without relying on traditional passwords, enhancing user experience and reducing the risks associated with password-based authentication.

Problem:

  • Traditional username-password authentication methods can lead to user frustration, forgotten passwords, and increased abandonment rates during the registration process.

Solution:

  • Cripsa's Passwordless Login offers a smoother and more secure authentication journey:

Developer Registration:

  • The developer registers with Cripsa at cripsa.com to access developer tools.

Request Authentication:

  • The developer requests authentication access from Cripsa's Passwordless App to integrate the solution into their project.

Passwordless Project Creation:

  • Project Setup: The developer logs in and creates a new Passwordless project.
  • Project Details: Cripsa provides the developer with essential project details: Client ID, Client Secret, User Pool ID, and User Pool Domain.

SignIn Screen Development:

  • Implementation: The developer integrates the SignIn screen using API endpoints "signIn" and "responseToAuth".
  • UI Design: The SignIn screen prompts the user to input their email.
  • Login Button: The user clicks the "Login" button to proceed.

Passwordless Verification:

  • OTP/Magic Link Prompt: Upon email submission, the user is directed to the OTP screen.
  • OTP or Magic Link: Depending on the user's preference, they receive an OTP, a magic link, or both at their email address.

Session Generation:

  • Session ID: When the user receives the OTP or clicks the magic link, a session ID is generated.
  • Backend Interaction: The user inputs the OTP, and the "responseToAuth" API is called with session ID and OTP.

Verification and Token Generation:

  • Verification: Cripsa verifies the session ID and OTP against the user's email.
  • Token Response: Upon successful verification, Cripsa responds with tokens: Refresh Token, ID Token, and Access Token.

User Session Established:

  • Token Utilization: The developer's backend uses these tokens for future authentications.
  • User Redirect: With a successfully established user session, the user is redirected to the relevant page of the customer portal.
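
The Session Generation and Verification steps above, as an added example that is not Cripsa's code or API: a local Python sketch of the server-side checks behind an OTP sign-in, covering the expired-token exception, single use, and a cap on wrong guesses. The class OtpStore, its methods sign_in and respond_to_auth (named after the endpoints but hypothetical), the 5-minute lifetime and the 5-attempt limit are all assumptions; issuing the Refresh, ID and Access Tokens is not modelled.

```python
import hashlib, hmac, secrets, time

OTP_TTL_SECONDS = 300  # assumed lifetime; the page does not state one
MAX_ATTEMPTS = 5       # assumed cap on guesses per session ID

class OtpStore:
    """In-memory stand-in for the server-side record of pending sign-ins."""

    def __init__(self, clock=time.time):
        self._clock = clock
        self._pending = {}  # session_id -> record

    @staticmethod
    def _digest(salt, otp):
        # Keep only a keyed digest, so a leaked store does not reveal live OTPs.
        return hmac.new(salt, otp.encode(), hashlib.sha256).digest()

    def sign_in(self, email):
        """Start a sign-in. The session ID goes to the UI, the OTP only to email."""
        session_id = secrets.token_urlsafe(32)
        otp = f"{secrets.randbelow(10**6):06d}"  # CSPRNG, not random.random()
        salt = secrets.token_bytes(16)
        self._pending[session_id] = {
            "email": email.strip().lower(),
            "salt": salt,
            "digest": self._digest(salt, otp),
            "expires": self._clock() + OTP_TTL_SECONDS,
            "attempts": 0,
        }
        return session_id, otp

    def respond_to_auth(self, session_id, email, otp):
        """Check session ID and OTP against the email; return a status string."""
        rec = self._pending.get(session_id)
        if rec is None or rec["email"] != email.strip().lower():
            return "invalid"
        if self._clock() >= rec["expires"]:
            del self._pending[session_id]
            return "expired"
        rec["attempts"] += 1
        if rec["attempts"] > MAX_ATTEMPTS:
            del self._pending[session_id]  # force a fresh sign-in
            return "locked"
        expected = self._digest(rec["salt"], otp)
        if not hmac.compare_digest(rec["digest"], expected):  # constant-time
            return "invalid"
        del self._pending[session_id]  # single use: a replay finds nothing
        return "ok"
```

A six-digit code has only a million possible values, so the attempt cap and the short lifetime are what make guessing impractical; the session ID ties each guess to one pending sign-in.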

Benefits:

  • Passwordless Convenience: Users experience a frictionless login process without passwords.
  • Enhanced Security: OTP and Magic Link methods provide secure user verification.