Temp Code Authentication

Authenticates the user using a temporary access code provided by customer support.

Description

This step authenticates users by validating a temporary access code manually issued by customer support. It is particularly useful for account recovery flows when users cannot authenticate through standard methods, for example because they lost their device, forgot their credentials, or cannot receive an OTP due to technical issues.

In such cases, customer support verifies the user’s identity using security questions, account details, or other manual verification methods. After verification, customer support generates a Temp Code by manually calling the /v1/auth/otp/send endpoint. The generated code is securely delivered to the user via offline methods such as a phone call, email, or secure messaging platform.

The user provides the Temp Code and a user identifier, such as their username, email, or phone number, in the client application. This information may be sent as a journey start parameter, or collected from the user during a journey using a Get information from client step. The step checks that the Temp Code is valid for the provided identifier and has not expired, according to the validity and expiration settings configured during code generation.

Upon successful validation, the user is authenticated, and the journey proceeds to the next step or branch as defined in the journey configuration. Tokens generated during authentication are accessible in subsequent steps using @policy.userTokens().

If validation fails because the code is invalid or expired, the journey follows a failure or custom logic path, such as retrying the process or terminating the session. Error details can be stored in the specified error output variable for further analysis or debugging. Error handling is fully configurable, allowing you to define custom behavior for failure scenarios, such as handling expired codes or invalid credentials.

For more information, see our Account Recovery with Temp Code guide for a comprehensive walkthrough of building a complete journey that includes this step.

Configuration

Field : Description
External User ID : Expression that yields the user’s unique identifier (e.g., email, username, or phone number).
Temp Code : Expression that yields the Temp Code provided by the user.
Error Output Variable : Name of the variable that stores any errors encountered during validation (e.g., invalid code, expired code).
Failure Behavior : Determines the behavior in case of failure:
  • Abort the journey (default)
  • Go to failure branch
Expiration Behavior : Determines the behavior if the Temp Code is expired:
  • Abort the journey (default)
  • Go to expired-code branch
  By default, expired codes will terminate the journey unless an alternate branch is defined.

Example

Consider a scenario where a bank user cannot access their personal account on the bank's website due to losing access to their device or forgetting their credentials. The user contacts customer support for assistance. After verifying the user's identity using security questions or account details, the support agent generates a temporary access code and securely provides it to the user, for example, via a phone call or secure messaging.

The Temp Code is generated by calling the /v1/auth/otp/send endpoint, which returns a code similar to 123456 (the characteristics of the code vary based on the configuration in the platform).

The user then submits their identifier and the Temp Code through the bank's recovery form on the website. This information is passed to Mosaic's journey as custom start parameters or collected from the user during a journey using a Get information from client step, and validated in the Temp Code Authentication step, which is configured with the following dynamic expressions:

  • External User ID : @policy.request().params.external_user_id
  • Temp Code : @policy.request().params.temp_code

During execution, the step verifies that the identifier and the temporary code are valid and correctly associated.

  • If validation succeeds, the user is authenticated, and the journey proceeds to the next step or branch as configured.
  • If the temporary code is expired, the journey proceeds to the "expired-code" branch or aborts, depending on the configuration.
  • If the code is invalid, the journey proceeds to the "failure" branch or aborts.

Tokens generated upon successful validation are accessible in subsequent steps via @policy.userTokens().
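
The three outcomes described above (authenticated, expired code, invalid code) and the two configurable behaviors can be modeled as follows. This is an added example, not Mosaic's implementation: the in-memory store, the function names, the "abort"/"branch" option values, the error strings and the single-use rule are all assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass

@dataclass
class TempCodeRecord:
    code_hash: bytes   # digest of the issued code, not the code itself
    expires_at: float  # derived from the TTL chosen at generation time

def _digest(code: str) -> bytes:
    return hashlib.sha256(code.encode()).digest()

def issue_temp_code(store, external_user_id, ttl_seconds, now):
    """Support-side generation: bind a random 6-digit code to one identifier."""
    code = f"{secrets.randbelow(10**6):06d}"
    store[external_user_id] = TempCodeRecord(_digest(code), now + ttl_seconds)
    return code

def validate_temp_code(store, external_user_id, temp_code, now,
                       failure_behavior="abort", expiration_behavior="abort"):
    """Return (outcome, error). Outcome is 'authenticated', 'abort',
    'failure' (failure branch) or 'expired-code' (expired-code branch)."""
    record = store.get(external_user_id)
    # An unknown identifier and a wrong code take the same path and yield the
    # same error, so the result does not reveal whether a code was issued.
    expected = record.code_hash if record else _digest("")
    matches = hmac.compare_digest(expected, _digest(temp_code))
    if record is None or not matches:
        outcome = "failure" if failure_behavior == "branch" else "abort"
        return (outcome, "invalid_code")
    # Expiry is reported only to a caller that presented the correct code.
    if now >= record.expires_at:
        del store[external_user_id]
        outcome = "expired-code" if expiration_behavior == "branch" else "abort"
        return (outcome, "expired_code")
    del store[external_user_id]  # assumption: single use (not stated on the page)
    return ("authenticated", None)

if __name__ == "__main__":
    store = {}  # constructed in-memory store for the demo
    code = issue_temp_code(store, "user@example.com", ttl_seconds=300, now=1000.0)
    print(validate_temp_code(store, "user@example.com", code, now=1100.0))
```

Checking the code match before the expiry means a wrong guess always produces the invalid-code outcome, whichever state the stored code is in.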