I have configured Passwordless login via SMS in the Auth0 dashboard and am using the new Universal Login template. My goal is to require a password only when users log in/sign up with email and user user could sign up/login with social account like apple and google, and allow passwordless login/sign up when they use their mobile number. However, when I try to sign up or log in with a phone number, I’m still prompted to set or enter a password after entering the SMS code.
Is there a configuration I might have missed, or anything else I need to adjust to achieve the expected behavior?
Thank you for posting your question; unfortunately, Universal Login does not currently handle passwordless and database connections out of the box. Our engineering team is planning to release a new feature this year to add the possibility of logging in to the user passwordless from the database connection. I don’t know the ETA for the Early Access to this feature, but I will make sure to give you heads up when I will have more information about that.
Regarding what you can achieve right now is to use the Classic Universal Login or force the Auth0 to use a specific connection.
For the second option, you pass the “connection” parameter when calling Auth0 so that the Universal login prompt will know which connection to use in advance.
For example, you can add the parameter “connection=sms” to the /authorize request, and the new universal login will use SMS otp passwordless in those attempts. Alternatively, you may also send a “password” connection to the /authorize request. This approach would require you to know in advance (before calling auth0) which connection the user wants to use.
Thank you for your response. I would like to clarify—if sms is included as a parameter, will that exclude social login methods like Apple or Google, given that they are more aligned with email-based authentication? From my current observation, it appears to be the case. Is there a recommended configuration to allow them to coexist?