Can I authenticate a session in a NodeJS serverless function when I'm using Auth0 Passwordless on my front end?

Hi @dan.woda,

Thanks for the information, I’ll read that material.

My questions at this time are:

  • I’m using passwordless authentication. Where is the access token?

The access token is returned after a successful authentication. What framework are you using? Did you use a quickstart? How are you authenticating?

Hi @dan.woda, I’m using an SPA framework.

And Auth0 passwordless on the front end. And I want to check the session or verify the token in the serverless function.

This is a fairly common use case; that doc I linked should get you 90% of the way. Let me know if you have specific questions.

Our quickstarts also cover this if you pick your SPA framework and go from there:

I’ve implemented the older version of this quick start on the admin dashboard.

However I’m using passwordless authentication on the front end with Auth0 Lock.

From what I have seen I don’t get a valid JWT token back. And the access token that I receive isn’t a valid JWT token.

You must request a token for your API.

edit: this may also be helpful

@dan.woda the token I get back is short in length. What sort of access token is this?

Thanks, just saw the Get Access Token doc.

Please read the FAQ I linked above titled Why is my access token not a JWT?

So I have an opaque token? Which I recall is used to get the user profile?

I read the linked question.

That is correct. You must set the audience to the custom API (netlify function) you configured in the dashboard.

Ok. I’m going to read the material you linked to first and follow your instructions.

Great, let us know how it goes.

@dan.woda, from what I’ve read, I can only access the user profile information with the getUserProfile method, providing the opaque token sent back from a successful passwordless authentication flow.

I have a question: using the passwordless authentication flow, which successfully sends back an opaque token, how can I then get a valid JWT token?

You must add an audience claim. This requests a token that can be verified by your custom API. If you are looking to display information in your application based on the token then you will want to use an id token:

Thanks @dan.woda.

I’ve followed your guidance and I now have the token. :rocket:

I want to verify it in my custom API (netlify) function. Is there a method/function that I can call? I took a look in auth0 and I couldn’t find one.

I think this walkthrough has the code you need:

Hi @dan.woda,

I’m not using express. How can I get my secret or public key?

Hi @dan.woda,

I’ve managed to get the token verified. I used the jsonwebtoken and jwks-rsa packages, which were used in the quick start guide.

Awesome! Let us know if there is anything else we can do.
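
The checks a serverless function has to make on the access token discussed in this thread, as an added example that is not part of the original posts or of Auth0's code. It uses Node's built-in `crypto` instead of the jsonwebtoken and jwks-rsa packages so it runs offline; the in-memory key map stands in for the tenant's JWKS, and the issuer, audience, `kid` and function names are constructed placeholders.

```javascript
const crypto = require('node:crypto');

const b64u = (v) => Buffer.from(v).toString('base64url');
const decode = (seg) => JSON.parse(Buffer.from(seg, 'base64url').toString('utf8'));

// Verify an RS256 JWT against trusted keys (Map of kid -> public key), the
// expected issuer and the API audience. Returns the claims or throws.
function verifyAccessToken(token, keysByKid, { issuer, audience, now = Date.now() / 1000 }) {
  const parts = String(token).split('.');
  if (parts.length !== 3) throw new Error('not a JWT (opaque access token?)');
  const [h, p, s] = parts;
  const header = decode(h);
  if (header.alg !== 'RS256') throw new Error('unexpected alg'); // pin the algorithm
  const key = keysByKid.get(header.kid);
  if (!key) throw new Error('unknown kid');
  const sigOk = crypto.verify('sha256', Buffer.from(`${h}.${p}`), key, Buffer.from(s, 'base64url'));
  if (!sigOk) throw new Error('bad signature');
  const claims = decode(p);
  if (claims.iss !== issuer) throw new Error('wrong issuer');
  const aud = Array.isArray(claims.aud) ? claims.aud : [claims.aud];
  if (!aud.includes(audience)) throw new Error('token was not issued for this API');
  if (typeof claims.exp !== 'number' || claims.exp <= now) throw new Error('expired');
  return claims;
}

// Hypothetical wiring for a function handler: read the Bearer token, map any failure to 401.
function authorize(headers, keysByKid, opts) {
  const m = /^Bearer (\S+)$/.exec((headers && headers.authorization) || '');
  try {
    return { statusCode: 200, claims: verifyAccessToken(m ? m[1] : '', keysByKid, opts) };
  } catch (err) {
    return { statusCode: 401, error: err.message };
  }
}

// Constructed fixture: a local RSA key pair stands in for the tenant's JWKS signing key.
const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
const SAMPLE_KEYS = new Map([['sample-kid', publicKey]]);
const SAMPLE_OPTS = { issuer: 'https://tenant.example/', audience: 'https://api.example/fn' };
function signSample(claims, header = { alg: 'RS256', typ: 'JWT', kid: 'sample-kid' }) {
  const input = `${b64u(JSON.stringify(header))}.${b64u(JSON.stringify(claims))}`;
  return `${input}.${crypto.sign('sha256', Buffer.from(input), privateKey).toString('base64url')}`;
}

const sample = signSample({ iss: SAMPLE_OPTS.issuer, aud: SAMPLE_OPTS.audience,
  sub: 'email|constructed', exp: Math.floor(Date.now() / 1000) + 300 });
console.log(authorize({ authorization: `Bearer ${sample}` }, SAMPLE_KEYS, SAMPLE_OPTS).statusCode);
console.log(authorize({ authorization: 'Bearer shortOpaqueValue' }, SAMPLE_KEYS, SAMPLE_OPTS));
```

The short opaque token fails at the first check because it has no three-part structure to verify, which is why the audience has to be requested at login before the function can validate anything locally.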