Session Model

tiun identifies users without passwords and without OAuth. Identity is established through email and one-time passcode (OTP) verification, using the @tiun/sdk package in your app.

How authentication fits in

There are two ways users can authenticate:

  1. Through checkout — Authentication is built into the payment flow. The user enters their email (and completes OTP where required) as part of checkout, so they end up signed in when the purchase completes.

  2. Through dedicated login — Call tiun.login() to open tiun’s login overlay when you need sign-in without starting a purchase.

Login flow

  • Returning user: They enter their email. Because a phone number is already linked to their account, the OTP code is sent to their phone via SMS.

  • New user: They enter their email and phone number. The OTP code is sent to the phone to verify and link it.

  • Fallback: If the SMS doesn't arrive, there is an option to resend the code to the email instead.

After a successful flow, tiun.getUser() returns the current user, including userId, email, and productAccess (what they are entitled to based on their subscriptions).

Session persistence

tiun manages sessions for you. On the same browser, returning visitors are recognized automatically. When the page loads and a session is restored, the userChange event fires with event: 'init', so your UI can align with the current user without extra calls.

Logout

Call tiun.logout() to clear the session on this device. After logout, treat the user as unauthenticated until they sign in or complete checkout again.
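
One way to keep UI state aligned with the session events described above, as an added example that is not part of the tiun documentation or SDK. It assumes the userChange payload exposes the user under a `user` field and that productAccess is an array of product id strings; how you subscribe to userChange is left to the SDK's own API.

```javascript
// Added example, not tiun SDK code. Assumptions: the userChange payload carries
// the user under `user`, and productAccess is an array of product id strings.
const UNAUTHENTICATED = Object.freeze({
  authenticated: false, userId: null, email: null, productAccess: [],
});

// Normalize whatever the SDK hands back; anything without a userId is signed out.
function toSessionState(user) {
  if (!user || typeof user !== 'object' || user.userId == null || user.userId === '') {
    return UNAUTHENTICATED;
  }
  const access = Array.isArray(user.productAccess)
    ? user.productAccess.filter((p) => typeof p === 'string')
    : [];
  return Object.freeze({
    authenticated: true,
    userId: user.userId,
    email: typeof user.email === 'string' ? user.email : null,
    productAccess: access,
  });
}

function createSessionMirror() {
  let state = UNAUTHENTICATED;
  return {
    // Feed every userChange payload here, including the one with event: 'init'.
    onUserChange(payload) {
      state = toSessionState(payload && payload.user);
      return state;
    },
    // Call right after tiun.logout(): unauthenticated until the next sign-in.
    onLogout() {
      state = UNAUTHENTICATED;
      return state;
    },
    canAccess(productId) {
      return state.authenticated && state.productAccess.includes(productId);
    },
    getState() {
      return state;
    },
  };
}

// Constructed sample payload (not captured from the SDK).
const demo = createSessionMirror();
demo.onUserChange({ event: 'init', user: { userId: 'u_1', email: 'a@example.com', productAccess: ['premium'] } });
console.log(demo.getState().authenticated, demo.canAccess('premium'));
demo.onLogout();
console.log(demo.getState().authenticated, demo.canAccess('premium'));
```

The mirror starts signed out and returns to that state on any payload it cannot interpret, so a malformed or missing user never leaves gated UI visible.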

Authentication applies to subscription products. For time-based billing, access is driven by paywall events — you do not rely on user identity in the same way. See the core concepts for time-based access.
