Manage the authentication experience
Auth and access
Username authentication
Along with email and phone number, Kinde supports authentication where a username is the user’s sign-in identity.
On sign-up or registration, the user will need to do a one-time validation of their identity via email - for security - but they can subsequently use a username to sign in.
💡 Add usernames, but not for auth
Theusernamefield is designed for use in the authentication flow, if you want your customers to set a username, display name, or handle as part of their profile in your app, you can add a different property to capture this data. See Add and manage properties.
Usernames must be unique
Link to this sectionThere are several ways usernames can be added to a user’s profile:
- Manually in Kinde
- Via API
- Self-created by the user on registration
Regardless of how a username is added, it must be unique. If a username already exists, an error will be returned.
The sign-up flow
Link to this sectionFor security reasons, Kinde doesn’t allow fully anonymous users. So when a user signs up, they will need to supply an email, in addition to a username. The email can then be used to verify their identity. The username can be supplied by you, or can be created by the user.
The sign-in flow
Link to this sectionWhen a user signs in, they enter their username and proceed with a password.
Either way, it’s a quick process for sign in.
Why an email is still required
Link to this sectionIn order to be sure that you are signing up a real person, you need to have a way of contacting new users to verify their identity. Without identity verification, the authentication experience you provide could be vulnerable to security threats, fraud, bots, etc.
Once an email is verified, we add this email identity for the user. If in future, the authentication pattern changes, the user can opt to sign in with their email and receive OTPs. An email is also required for password resets.
Enable username authentication in Kinde
Link to this section- In Kinde, go to Settings > Authentication.
- Select Configure on the Username tile, in the Password section. A configuration window opens.
- Select which apps will support username authentication.
- Select Save. The sign up flow will be updated for the applications you selected.
Rules for usernames
Link to this section- Usernames must be unique
- 2-64 characters, no spaces
- Can include letters, numbers, -dashes, _underscores (no special characters)
One password for multiple identities
Link to this sectionUsers can only have a single password in Kinde.
If you allow both email-password and username-password authentication for a user, the password is shared across both their identities. For example, changing a user’s password for username affects their email sign-in and vice-versa.
See the password rules.