This post explains the most common flow of secure login using the combination of username, email, and mobile number. The steps involved in this flowchart are listed below. You can also follow our Secure Registration Flow, which shows the registration process with the same combinations.
Input Fields Combination
Username & Password can be used to uniquely identify and verify the user. The user must provide the registered username with the correct password in order to log in.
Email & Password is another way to uniquely identify and verify the user. The user must provide the registered email with the correct password in order to log in.
Mobile Number login is becoming more common nowadays, and it needs access to an SMS gateway to send the OTP for login.
Form Process
The user will be presented with a form whose fields are chosen for the login process based on the application's needs. The user fills in the form and submits it to log in. The form must be validated on the client side before it is submitted, to reduce the load on the server. The user must be shown appropriate errors on validation failure.
The form data will be sent to the server after client-side validation succeeds, and the server must perform its own validation without relying on the client-side validation. The server must check all the fields and confirm that the user exists using the given registered Username or Email or Mobile Number.
On successful validation of form fields, the user can be allowed to log in to the application using the correct password or OTP.
Email Flow
The process involves a username or email field, which is used to identify the user. The system must log in the user using the given password. Appropriate errors must be shown in case of login failure.
OTP Flow
OTP is becoming a more common way to log in the user. The application sends an OTP using the SMS Gateway. The user must provide the same OTP to log in.
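The server-side part of the Form Process, Email Flow and OTP Flow described above, as an added Python sketch that is not code from this post. The field patterns, the in-memory `USERS` and `OTPS` stores, the PBKDF2 settings, the OTP lifetime and the one-attempt-per-code rule are all assumptions made for the example.

```python
import hashlib, hmac, os, re, secrets, time

# Constructed field rules; the post does not specify exact formats.
PATTERNS = {
    "email": re.compile(r"[^@\s]{1,64}@[^@\s]{1,255}\.[A-Za-z]{2,}"),
    "mobile": re.compile(r"\+?[0-9]{8,15}"),
    "username": re.compile(r"[A-Za-z][A-Za-z0-9_.]{2,31}"),
}
GENERIC_ERROR = "Invalid credentials"  # same message for every failure
OTP_TTL = 300                          # seconds; example value

def hash_password(password, salt):
    # Iteration count is an example value, not taken from the post.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 600_000)

# Constructed in-memory stores standing in for the user database and OTP cache.
_salt = os.urandom(16)
USERS = [{"username": "alice", "email": "alice@example.com",
          "mobile": "+15550100", "salt": _salt,
          "pw_hash": hash_password("correct horse", _salt)}]
OTPS = {}  # mobile -> (otp, expiry timestamp)

def find_user(identifier):
    """Validate the field on the server, then look the user up by its type."""
    kind = next((k for k, p in PATTERNS.items() if p.fullmatch(identifier)), None)
    return next((u for u in USERS if kind and u[kind] == identifier), None)

def login_password(identifier, password):
    user = find_user(identifier.strip())
    # Hash even when the user is unknown so both paths take similar time.
    salt = user["salt"] if user else b"\x00" * 16
    candidate = hash_password(password, salt)
    if user and hmac.compare_digest(candidate, user["pw_hash"]):
        return True, user["username"]
    return False, GENERIC_ERROR

def issue_otp(mobile):
    """Return the OTP that would be handed to the SMS gateway, or None."""
    if not PATTERNS["mobile"].fullmatch(mobile) or find_user(mobile) is None:
        return None
    otp = f"{secrets.randbelow(10**6):06d}"
    OTPS[mobile] = (otp, time.time() + OTP_TTL)
    return otp

def login_otp(mobile, otp):
    stored, expiry = OTPS.pop(mobile, ("", 0))  # one attempt per issued code
    if stored and time.time() < expiry and hmac.compare_digest(stored.encode(), otp.encode()):
        return True, find_user(mobile)["username"]
    return False, GENERIC_ERROR
```

Every failure path (malformed field, unknown user, wrong password, wrong or replayed OTP) returns the same message, so the response does not reveal which identifiers are registered.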