Passwordless activation

🔐 Passwordless Activation in REL-ID

✅ What is Passwordless Activation?

Passwordless activation refers to an onboarding flow in which the user is not required to set or enter a password. Instead, alternative secure methods such as OTPs, activation codes, or document-based ID verification (IDV) are used to authenticate and register the user and their device.


🛠️ Methods Used in Passwordless Activation

| Method | Description |
|---|---|
| 🔢 Activation Code | One-time code issued by backend (via helpdesk, SMS, email) and validated during activation. |
| 📩 Email OTP / 📱 SMS OTP | Temporary code sent to user’s registered email/phone. Entered during activation. |
| 🪪 IDV (Document + Selfie) | Identity verified via official document and live selfie capture. |
| 🎫 Pre-Provisioned Secure Token | Admin issues pre-authorized session/token to initialize user device without credentials. |

🔒 Benefits of Passwordless Activation

  • Improved UX: No password complexity or resets.
  • Higher Security: One-time codes or biometrics reduce password reuse risks.
  • Mobile-First: Optimized for app flows where biometric or OTP login is more natural.
  • Enterprise-Friendly: Suits managed devices or field staff with limited UI needs.

🔧 How SDK Handles It

  • The REL-ID SDK skips the getPassword event entirely.
  • Backend config (IS_USER_PASS = false) determines this behavior.
  • Activation completes using OTP + LDA + optional IDV/secret questions.

🧭 Passwordless Activation Flow (Mermaid Diagram)

flowchart TD
    A["🚀 App Launches & Calls initialize()"] --> B["📝 getLoginId"]
    B --> C["🔡 setUser()"]
    C --> D["🔢 getActivationCode or OTP"]
    D --> E["🔐 setActivationCode() or setOTP()"]
    E --> F{"🧠 IDV Required?"}
    F -- "✅ Yes" --> G["📸 IDV Document Capture + Selfie"]
    G --> H["🧾 Confirm IDV Verification"]
    H --> I["✔️ Proceed"]
    F -- "❌ No" --> I
    I --> J["🔒 getUserConsentForLDA"]
    J --> K["✅ setUserConsentForLDA()"]
    K --> L["🎉 onUserLoggedIn"]

📌 Developer Notes

  • Make sure the password step is not forced in the backend challenge configuration.
  • Use event handlers so that setPassword() is skipped when the password step is not triggered.
  • Ensure LDA and OTP flows are tested across edge cases.
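
One way to test the edge cases named in the notes above is to record the order of SDK events during an activation run and check it against the flow diagram. The checker below is an added example, not REL-ID SDK code or part of the original page. The `FLOW` table, `checkTrace` and the sample traces are hypothetical; `getOTP` and `idvCapture` are placeholder event names because the page does not name those events, and re-prompting after a rejected code is an assumption.

```javascript
// Added example: a trace checker, not REL-ID SDK code.
// Event names getLoginId, getActivationCode, getUserConsentForLDA, onUserLoggedIn
// and getPassword come from the page; 'getOTP' and 'idvCapture' are placeholders
// because the page does not name those events.
const FLOW = {
  start: ['getLoginId'],
  // Assumption: a rejected code makes the SDK ask again, so self-loops are allowed.
  getLoginId: ['getActivationCode', 'getOTP'],
  getActivationCode: ['getActivationCode', 'idvCapture', 'getUserConsentForLDA'],
  getOTP: ['getOTP', 'idvCapture', 'getUserConsentForLDA'],
  idvCapture: ['getUserConsentForLDA'],
  getUserConsentForLDA: ['onUserLoggedIn'],
  onUserLoggedIn: [],
};

// Walks a recorded event trace and reports the first deviation from the flow.
function checkTrace(events, { idvRequired = false } = {}) {
  let state = 'start';
  let sawIdv = false;
  for (const [i, ev] of events.entries()) {
    // In a passwordless flow the password event must never fire.
    if (ev === 'getPassword') {
      return { ok: false, reason: `getPassword fired at step ${i}; check IS_USER_PASS` };
    }
    if (!FLOW[state].includes(ev)) {
      return { ok: false, reason: `${ev} not allowed after ${state}` };
    }
    if (ev === 'idvCapture') sawIdv = true;
    state = ev;
  }
  if (state !== 'onUserLoggedIn') return { ok: false, reason: `flow stopped at ${state}` };
  if (idvRequired && !sawIdv) return { ok: false, reason: 'IDV required but not performed' };
  return { ok: true, reason: 'passwordless activation completed' };
}

// Constructed traces, as an integration test might record them.
const TRACES = {
  codeOnly: ['getLoginId', 'getActivationCode', 'getUserConsentForLDA', 'onUserLoggedIn'],
  otpRetryWithIdv: ['getLoginId', 'getOTP', 'getOTP', 'idvCapture', 'getUserConsentForLDA', 'onUserLoggedIn'],
  passwordForced: ['getLoginId', 'getActivationCode', 'getPassword'],
  codeSkipped: ['getLoginId', 'getUserConsentForLDA', 'onUserLoggedIn'],
};
for (const [name, trace] of Object.entries(TRACES)) {
  console.log(name, checkTrace(trace, { idvRequired: name === 'otpRetryWithIdv' }));
}
```

A trace that reaches onUserLoggedIn without an activation code or OTP step, or one in which getPassword fires, is reported as a failure with the step at which it deviated.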