Passwordless Login

Potato supports passwordless authentication for low-stakes annotation tasks where security is less critical than ease of access. This allows annotators to log in with just a username, without requiring a password.

Overview

Passwordless login is useful when:

• Running quick annotation studies with volunteers
• Conducting internal team annotation sessions
• Testing annotation configurations
• Working with crowdsourcing platforms that handle authentication externally
• Running classroom exercises or demos

Configuration

Enable passwordless login by setting require_password: false:

require_password: false
 
# Optional: Specify authentication method
authentication:
  method: in_memory  # Default

Authentication Methods

Potato supports three authentication backends, all compatible with passwordless mode:

In-Memory (Default)

Users are stored in memory only. Data is lost when the server restarts.

require_password: false
authentication:
  method: in_memory

Database

Users are persisted to a database:

export POTATO_DB_CONNECTION="sqlite:///users.db"

require_password: false
authentication:
  method: database

Clerk SSO

Integration with Clerk for enterprise single sign-on:

export CLERK_API_KEY="your_api_key"
export CLERK_FRONTEND_API="your_frontend_api"

authentication:
  method: clerk

How It Works

With Passwordless Enabled

1. User visits the login page
2. User enters only their username
3. System creates or authenticates the user without password verification
4. User proceeds to annotation

User Registration

In passwordless mode:

• New users are automatically registered on first login
• Only the username is required
• Additional user data (if configured) is still collected

Security Considerations

Passwordless mode provides minimal security:

• No identity verification: Anyone can claim any username
• Session hijacking: Sessions can be easily impersonated
• No audit trail integrity: User actions cannot be cryptographically verified

Recommended uses:

• Internal team annotation
• Classroom exercises
• Quick prototyping
• Platforms with external authentication (Prolific, MTurk)

Not recommended for:

• Sensitive data annotation
• Medical or legal annotation tasks
• Tasks requiring verified annotator identity
• Long-running studies with incentives

User Configuration File

Even in passwordless mode, you can pre-register users:

authentication:
  user_config_path: users.jsonl

users.jsonl:

{"username": "annotator1"}
{"username": "annotator2"}
{"username": "admin", "role": "admin"}

Migration

From Password-Required to Passwordless

1. Update configuration:

   yamlCopy

   require_password: false

2. Existing users can still log in with or without their password

From Passwordless to Password-Required

1. Update configuration:

   yamlCopy

   require_password: true

2. Existing passwordless users will need to register with a password

Complete Example

annotation_task_name: "Quick Annotation Task"
 
# Enable passwordless login for easy access
require_password: false
 
# Use database backend to persist users
authentication:
  method: database
 
# Task configuration
data_files:
  - data/instances.json
 
item_properties:
  id_key: id
  text_key: text
 
annotation_schemes:
  - name: sentiment
    annotation_type: radio
    labels: [Positive, Negative, Neutral]
    description: "Select the sentiment"

Troubleshooting

Users Can't Log In

Check that:

1. require_password: false is set in the configuration
2. The authentication backend is properly initialized
3. There are no conflicting authentication settings

User Data Not Persisting

If using in_memory backend:

• User data is lost on server restart
• Switch to database backend for persistence

Duplicate Username Errors

In passwordless mode, users trying to register with an existing username are simply logged in as that user. This is by design for ease of use.

Further Reading

• User Management - User management features
• Crowdsourcing Integration - Platform integration

For implementation details, see the source documentation.