I’m sorry, but the knowledge sources provided don’t state the default expiration (lifespan) for the one-time login code sent via email in the login flow. They do confirm that the login email template exposes an ExpiresInMinutes variable (so codes do expire), but no default duration is specified in these docs. [[Available variables](https://www.ory.sh/docs/kratos/emails-sms/custom-email-templates#available-variables)] If you can share your project’s Identities configuration, I can help you check the configured value. Alternatively, if you’re using MFA codes (not passwordless), the docs mention such codes are “usually 15 minutes or less,” but that note is specific to MFA and not the passwordless login code, so it shouldn’t be assumed for login codes. [[SMS and Email 2FA](https://www.ory.sh/docs/kratos/mfa/mfa-via-sms)]

A message from kapa.ai

You can change the lifespan of the sign-in (one-time) code by configuring the “code” method lifespan in your Ory Identities (Kratos) config. This value controls how long the emailed code remains valid. - Ory Console: Go to Authentication → Passwordless login and enable One-time codes. The code lifespan is controlled by the “code” method’s config lifespan. [[Passwordless login](https://www.ory.sh/docs/identities/get-started/passwordless); [Email/SMS one-time-code](https://www.ory.sh/docs/kratos/passwordless/one-time-code)] - Ory CLI / config file: Set selfservice.methods.code.config.lifespan to the desired duration (e.g., 15m, 1h):

yaml selfservice:   methods:     code:       passwordless_enabled: true       config:         lifespan: 15m  # How long the one-time code is valid

Then apply the config with:

ory update identity-config --project <project-id> --workspace <workspace-id> --file identity-config.yaml

[[One-time-code](https://www.ory.sh/docs/kratos/passwordless/one-time-code)]

You can change the lifespan (expiration) of the sign-in one-time code by configuring the “code” method’s lifespan in your Identities (Kratos) config. - In Ory Console: Go to Authentication → Passwordless login, enable One-time codes (if not already), and adjust the code lifespan setting. [[Passwordless login](https://www.ory.sh/docs/identities/get-started/passwordless)] - Via CLI (example sets lifespan to 15 minutes):

ory patch identity-config --project <your-project-id> \     --add '/selfservice/methods/code/passwordless_enabled=true' \     --add '/selfservice/methods/code/config/lifespan="15m"'

The same lifespan knob is used for “code” flows in general (it’s documented for recovery/verification as well), where you set selfservice.methods.code.config.lifespan to your desired duration (e.g., 5m, 15m, 1h). [[Address verification](https://www.ory.sh/docs/kratos/self-service/flows/verify-email-account-activation#configuration); [Set up account recovery](https://www.ory.sh/docs/identities/get-started/account-recovery#edit-recovery-configuration)] Tip: Your email template exposes ExpiresInMinutes, which will reflect this configured value for login_code.valid emails. [[Available variables](https://www.ory.sh/docs/kratos/emails-sms/custom-email-templates#available-variables)]

A message from kapa.ai

You change the sign-in (one-time) code lifespan by setting selfservice.methods.code.config.lifespan in your Ory Identities configuration. - Ory Console: - Go to Authentication → Passwordless login, enable One-time codes, and adjust the lifespan for the code method. [[Passwordless login](https://www.ory.sh/docs/identities/get-started/passwordless); [Email/SMS one-time-code](https://www.ory.sh/docs/kratos/passwordless/one-time-code)] - Ory CLI (example: 15 minutes):

ory patch identity-config --project <project-id> \     --add '/selfservice/methods/code/passwordless_enabled=true' \     --add '/selfservice/methods/code/config/lifespan="15m"'

Or edit a file and apply:

selfservice:     methods:       code:         passwordless_enabled: true         config:           lifespan: 15m

Then:

ory update identity-config --project <project-id> --workspace <workspace-id> --file identity-config.yaml

[[Email/SMS one-time-code](https://www.ory.sh/docs/kratos/passwordless/one-time-code)] Note: The same lifespan knob is documented for code-based verification/recovery as well (selfservice.methods.code.config.lifespan). [[Address verification](https://www.ory.sh/docs/kratos/self-service/flows/verify-email-account-activation#configuration); [Account recovery setup](https://www.ory.sh/docs/identities/get-started/account-recovery#edit-recovery-configuration)]