We’re using auth0-react at our application and found out a great way to customise passwordless user experience by creating our very custom login form where user can input their email (I’m reporting this issue at this repository because auth0-react is powered by auth0-spa-js) and receive login link without being redirected to auth0 to log in. For that we can use auth0-js and WebAuth class with
passwordlessStart. It worked perfectly in the beginning, the code indeed sent login link to the email. The problem is that when I get redirected to the app after a successful login (by clicking the link at the email), I get
isAuthenticated to be
false but also I notice a hash URL with
#auth_token=1234. I never seen it before and my guess is that auth0-js and auth0-spa-js authentication flows are incompatible (auth0-spa-js handles ?code= query parameter instead of the hash parameter). At the same time when we use the regular passwordless authentication, it works perfectly.
Either of this:
- auth0-spa-js (including auth0-react) would accept URL credentials generated with
passwordlessStart(the #auth_token= thing).
- auth0-spa-js should have similar function but I couldn’t find it.
- Find some workaround to make both libraries compatible: use auth0-js for log in, use auth0-spa-js (or auth0-react) to authorise. I tried to replace
?code=1234and it didn’t help.
- Use auth0-js and WebAuth class with
passwordlessStartto authenticate (standard documentation).
- Log in by clicking a link.
- Use auth0-spa-js (or auth0-react) to authorise. You’ll get isAuthenticated equal to false and