Great, do you have an example of how to do it with the new spring security OTT one time token ?
This is unrelated.
In my example the authentication is handled by Microsoft Entra where also the users are managed. With that setup you will get SSO with the Microsoft user. There is no need for OTT or OTP.
OTT is fully handled by Spring Security.
I understand perfectly well that it is with login, but isn’t it a good idea to offer another way to login ?
No. Because you will also have to manage the users in your application.
If you have an OAuth2 provider like Microsoft or Keycloak, you should use this as the login mechanism. Those providers may also offer OTP, OTT, or any other way to log in.
I just created a small prototype: GitHub - simasch/vaadin-one-time-token-login
I will write a blog post about it later. Currently the login form is the default from from Spring Security and not a Vaadin view.