Learn
Implement secure, passwordless login with Okto NextJS SDK using WhatsApp-based OTPs. Learn session handling, token verification, and automated OTP delivery.
This document describes the authentication flow using WhatsApp One-Time Passwords (OTP) with the Okto SDK. Learn how to implement secure user authentication using WhatsApp verification integrated with Okto's infrastructure.
What is WhatsApp OTP Authentication?
WhatsApp OTP authentication is a secure method that verifies user identity through one-time passwords sent via WhatsApp. This authentication method provides:
- Secure verification using time-limited codes
- Simple user experience with no password management
- WhatsApp number ownership verification
- Automated OTP delivery and validation
Authentication Flow
Note
To implement WhatsApp OTP Authentication in your application, follow the WhatsApp Authentication guide.
1. OTP Generation Phase
During this phase, the client application initiates the process by calling send OTP API with the user's WhatsApp number through the Okto SDK. The SDK forwards this request to the Okto Server, which generates a unique OTP through a WhatsApp provider and initiates a session timer.
2. WhatsApp Delivery Phase
Once the OTP is generated, the provider sends the OTP to the user's WhatsApp number. The server returns a token along with a confirmation that the OTP has been sent. The user receives the OTP in their WhatsApp inbox, typically within a few moments. The OTP is valid for 5 minutes.
3. OTP Verification Phase
After receiving the OTP, the user enters it in the client application. The application then calls the Verify OTP API with three parameters: the WhatsApp number, the entered OTP, and the session token received earlier. The Okto SDK forwards these credentials to the Okto Server for validation.
Additionally, there's a 4th optional parameter — an onSuccess callback function — that can be passed. This function will be triggered upon successful login, allowing you to handle post-login behavior.
4. Authentication Completion
The Okto Server verifies the provided OTP against the stored value and checks if it's still within the valid timeframe. Upon successful verification, the server generates an authentication token and returns it to the client application through the SDK, establishing a secure session.
Conclusion
WhatsApp OTP authentication provides a secure and user-friendly way to verify user identity. By following the implementation guides, you can create a robust authentication system that balances security with user experience. The 5-minute validity period ensures security while giving users adequate time to complete the authentication process.
Email Authentication
Authenticate users via email using Okto's NextJS SDK with sendOTP, resendOTP, and loginUsingEmail methods for secure, token-based session management.
Whatsapp Authentication
Authenticate users via WhatsApp using Okto's NextJS SDK with sendOTP, resendOTP, and loginUsingWhatsApp methods for secure, token-based session management.