I am implementing Auth0’s Passwordless with New Universal Login. It works fine with email (connection=“email”).
However, when I change the connection to “sms”, I receive a 400 from the POST …/u/login/passwordless-sms-challenge?state=… endpoint when attempting to verify my OTP SMS code. I cannot find any documentation available on this passwordless-sms-challenge endpoint to troubleshoot this error.
Verbose Description of the flow:
I navigate to my app, running on localhost.
Network Traffic:
GET …/authorize?
redirect_uri=http%3A%2F%2Flocalhost%3A4201%2F
login&
client_id={myClientId}&
audience={myAudience}
connection=sms&
scope=openid%20profile%20email&
response_type=code&
response_mode=query&
state=…
nonce=…
code_challenge={codeChallengeValue}
code_challenge_method=S256&
auth0Client={auth0Client}
302
GET /u/login/identifier?state=
200
I provide a phone number & press continue.
POST …/u/login/identifier?state=…
302
GET …/u/login/passwordless-sms-challenge?state=…
200
My cell phone receives an SMS OTP (using Twilio for SMS). I enter the SMS OTP into Auth0 UI & press Continue.
POST /u/login/passwordless-sms-challenge?state=
400