Along with email and phone number, Kinde supports authentication where a username is the user’s sign-in identity.
On sign-up or registration, the user must complete a one-time validation of their identity via email, for security, but they can subsequently use a username to sign in.
There are several ways usernames can be added to a user’s profile:
Regardless of how a username is added, it must be unique. If a username already exists, an error will be returned.
For security reasons, Kinde doesn’t allow fully anonymous users, so when a user signs up, they need to supply an email in addition to a username. The email can then be used to verify their identity. The username can be supplied by you or created by the user.
When a user signs in, they enter their username and proceed with a password or a passwordless OTP.
Either way, sign-in is a quick process.
To be sure that you are signing up a real person, you need a way of contacting new users to verify their identity. Without identity verification, the authentication experience you provide could be vulnerable to security threats, fraud, bots, etc.
Once an email is verified, we add this email identity for the user. If the auth method is passwordless, this is where we send the OTPs. An email is also required for password resets.
Users can only have a single password in Kinde.
If you allow both email-password and username-password authentication for a user, the password is shared across both their identities. For example, changing a user’s password for username sign-in also changes it for their email sign-in, and vice versa.
See the password rules.