Stateless OTP Login in FastAPI with JWT and Redis
Railway removed passwords entirely. You enter your email, get a six-digit code, and you are in. No password field, no "forgot password" flow, no credential database to rotate when the breach happens. This post implements the same pattern in FastAPI: a stateless OTP login that stores nothing in the database, embeds the code in a signed JWT, and enforces single-use via Redis. The full flow is under 120 lines of application code.
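The issue-and-verify core of this pattern, as an added example rather than the post's own code: it uses only the standard library (a hand-rolled HS256 token in place of a JWT library, in-memory containers in place of Redis), and the claim names, key names, TTL and attempt cap are assumptions. Because a signed JWT is readable by whoever holds it, the sketch puts a keyed hash of the code in the token instead of the code itself.

```python
import base64, hashlib, hmac, json, secrets, time

SECRET = secrets.token_bytes(32)  # assumption: server-side signing key
OTP_TTL, MAX_TRIES = 300, 5       # assumptions: 5-minute lifetime, 5 guesses
_tries, _used = {}, set()         # in-memory stand-ins for Redis keys

def _b64(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def _mac(text):
    return _b64(hmac.new(SECRET, text.encode(), hashlib.sha256).digest())

def _code_mac(jti, email, code):
    # Only a keyed hash of the code goes into the claims, bound to this
    # token id and address, so the token holder cannot read or guess it offline.
    return _mac(f"otp|{jti}|{email}|{code}")

def issue_otp(email, now=None):
    """Return (code to e-mail, challenge token for the browser)."""
    now = time.time() if now is None else now
    code, jti = f"{secrets.randbelow(10**6):06d}", secrets.token_urlsafe(16)
    claims = {"sub": email, "jti": jti, "exp": int(now) + OTP_TTL,
              "otp": _code_mac(jti, email, code)}
    head = _b64(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = _b64(json.dumps(claims).encode())
    return code, f"{head}.{body}.{_mac(head + '.' + body)}"

def verify_otp(token, code, now=None):
    """Return the e-mail address on success, None on any failure."""
    now = time.time() if now is None else now
    try:
        head, body, sig = token.split(".")
        # The algorithm is fixed to HS256 here; the header's alg is never trusted.
        if not hmac.compare_digest(sig, _mac(head + "." + body)):
            return None
        c = json.loads(base64.urlsafe_b64decode(body + "=" * (-len(body) % 4)))
    except (ValueError, TypeError):
        return None
    jti = c["jti"]
    if c["exp"] <= now:
        return None
    _tries[jti] = _tries.get(jti, 0) + 1  # Redis: INCR otp:tries:<jti> (hypothetical key)
    if _tries[jti] > MAX_TRIES:
        return None                       # caps online guessing of the six digits
    if not hmac.compare_digest(c["otp"], _code_mac(jti, c["sub"], code)):
        return None
    if jti in _used:                      # Redis: SET otp:used:<jti> 1 NX EX <ttl>
        return None                       # replay of an already redeemed token
    _used.add(jti)
    return c["sub"]
```

With Redis, both keys would carry an expiry matching the token's `exp`, so the single-use and attempt records disappear on their own once the token can no longer verify.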