400 error upon verifying SMS code with passwordless embedded login

Hi all!

I’m trying to set up the passwordless flow with Embedded Login and upon verifying a SMS code, it returns error 400 “Invalid request body. All and only of client_id, credential_type, username, otp, realm are required.” I have closely followed the docs for the Auth0.js passwordless setup and even tried setting a custom domain and a cross-origin auth callback page using the provided instructions and sample HTML on the Auth0 GitHub in case this is related to cross-origin cookie problems but I must be missing something. The callback-cross-auth page I copied directly and changed the domain, clientId, etc. but visiting the page shows an error in the console: Uncaught DOMException: An invalid or illegal string was specified. This error might be totally unrelated. Any help would be greatly appreciated. This is on a paid plan.