Getting an error for SMS passwordless at oauth/ro

Attempting to use the passworldless endpoints to verify phone numbers through Twillio.

Sending a verification code works, but when I try to hit the oauth/ro endpoint to verify the code I get a 500 error with the following:

{
  "error": "access_denied",
  "error_description": "Cannot read property 'split' of undefined"
}

However, when I check the user list, the phone number is listed as verified.

Given that you mention that the phone number shows up as verified this hints that the credentials validation part of the authentication transaction worked correctly.

After credentials validation (aka user login) any existing rules that you have configured will run. Rules can fail the authentication transaction and it’s highly likely that you have configured a rule that throws an error for passwordless based users which then invalidates the authentication transaction.

Most likely you’re assuming all users have a certain property and that assumption does not hold true for your passwordless users.

You nailed it!

many thanks

You nailed it!

many thanks