In response to:
https://auth0.com/forum/t/user-info-response-incomplete-using-updated-access-toke/5831
Would I also be able to use the /oauth/token endpoint using a password obtained through the passwordless endpoint?
I tried to call /passwordless/start and use the sms pin as the “password” for the /oauth/token endpoint using the realm “passwordless” (also tried “sms”), however it gives me:
{
"error": "access_denied",
"error_description": "Unauthorized"
}
Isn’t that a valid flow?
The /oauth/token endpoint does not support the passwordless flow. Instead, you can use the /oauth/ro endpoint, which supports the passwordless sms connection: Authentication API Explorer
POST https://tenant.auth0.com/oauth/ro
{
"client_id": "YOUR_CLIENT_ID",
"connection": "sms",
"grant_type": "password",
"username": "PHONE_NUMBER",
"password": "VERIFICATION_CODE", //the verification code
"scope": "SCOPE"
}
This is no longer possible to do, is it? I’m wanting to do the sms authentication from the server as well, and get the access/id tokens back for that.