# `mix ash_authentication.add_strategy.otp`
[🔗](https://github.com/team-alembic/ash_authentication/blob/main/lib/mix/tasks/ash_authentication.add_strategy.otp.ex#L7)

Adds one-time password (OTP) authentication to your user resource.

Adds the OTP strategy to your user resource — passwordless authentication
via a short code (e.g. `XKPTMH`) sent via email or SMS.

Brute-force protection is required by the strategy. By default this task
composes an `audit_log` add-on (creating one if it doesn't already exist)
and wires `brute_force_strategy {:audit_log, :audit_log}` into the
strategy.

## Example

```bash
mix ash_authentication.add_strategy.otp
```

## Options

* `--user`, `-u` - The user resource. Defaults to `YourApp.Accounts.User`.
* `--identity-field`, `-i` - The field on the user resource that will be
  used to identify the user. Defaults to `email`.
* `--name`, `-n` - The name of the OTP strategy. Defaults to `otp`.

## Notes

`registration_enabled?: true` (sign-in becomes an upsert) is not currently
supported by this task because the verifier forbids the `:audit_log`
brute-force strategy in registration mode, and the alternatives
(`:rate_limit` or `{:preparation, ...}`) require user-supplied
configuration. Add the strategy by hand and follow the OTP tutorial if you
need that mode.

# `igniter`

