Phone + Password

For mobile-first regions and apps where a phone number is the primary identifier.

Server config

NestAuthModule.forRoot({
  emailAuth: { enabled: false },         // optional: turn off email
  phoneAuth: { enabled: true },
  registration: { enabled: true },
});

You can have both emailAuth and phoneAuth enabled simultaneously — users may sign up with whichever they prefer.

Endpoints

Method	Path	Purpose
`POST`	`/auth/signup`	Create a user with `{ phone, password, … }`
`POST`	`/auth/login`	Login with `{ providerName: 'phone', credentials: { phone, password } }`

Client call

await client.signup({
  phone: '+15551234567',
  password: 'correct horse battery staple',
});
 
await client.login({
  providerName: 'phone',
  credentials: { phone: '+15551234567', password: 'correct horse battery staple' },
});

Use E.164 (+<country><number>). The library exports normalizedPhone(phone) for consistent handling — call it everywhere you accept user-entered numbers, so (555) 123-4567 and +15551234567 resolve to the same identity. See the normalize-email-phone recipe.

Phone verification

Distinct from login. After signup, the user's phone is unverified until they confirm it.

await client.sendPhoneVerification();   // emits PhoneVerificationRequestedEvent — your listener sends SMS
await client.verifyPhone({ code: '123456' });

The user record's phoneVerifiedAt is set on success.

Email + Password.
Passwordless OTP — phone login without a password.
Sending SMS.

Server config

Endpoints

Client call

Phone format & normalization

Phone verification

On this page

Phone + Password

Server config

Endpoints

Client call

Phone format & normalization

Phone verification

Related

On this page