Manage the authentication experience
Auth and access
Along with email and phone number, Kinde supports authentication where a username is the user’s sign-in identity.
On sign-up or registration, the user needs to complete a one-time validation of their identity via email, for security, but they can subsequently use a username to sign in.
💡 Add usernames, but not for auth
The username field is designed for use in the authentication flow. If you want your customers to set a username, display name, or handle as part of their profile in your app, you can add a different property to capture this data. See Add and manage properties.
There are several ways usernames can be added to a user’s profile:
Regardless of how a username is added, it must be unique. If a username already exists, an error will be returned.
For security reasons, Kinde doesn’t allow fully anonymous users. So when a user signs up, they will need to supply an email, in addition to a username. The email can then be used to verify their identity. The username can be supplied by you, or can be created by the user.
When a user signs in, they enter their username and proceed with a password.
Either way, it’s a quick process for sign in.
In order to be sure that you are signing up a real person, you need to have a way of contacting new users to verify their identity. Without identity verification, the authentication experience you provide could be vulnerable to security threats, fraud, bots, etc.
Once an email is verified, we add this email identity for the user. If the authentication pattern changes in future, the user can opt to sign in with their email and receive OTPs. An email is also required for password resets.
Users can only have a single password in Kinde.
If you allow both email-password and username-password authentication for a user, the password is shared across both their identities. For example, changing a user’s password for their username sign-in also changes it for their email sign-in, and vice versa.
See the password rules.