Cannot submit activation code - /oauth/ro endpoint returns 404

Hey everyone,

I’m trying to set up passwordless authentication. I was able to send out the SMS nicely via the /passwordless/start endpoint. However next step would be to authenticate the authentication code I received via the /oauth/ro endpoint ( However when I try to post to that endpoint it just returns 404. I also tried this via the node.js library ( but that showed the same 404 error. Any idea what am I doing wrong here?

Hi Adam.
The oauth/ro endpoint is no longer available. As stated in the api document that you linked:

This feature is disabled by default for new tenants as of 8 June 2017. Please see Application Grant Types for more information.

If you are building a single page app, you can still do embedded passwordless with Auth0.js 9, which uses the new Cross-Origin Authentication protocol. Cross-Origin has its difficulties (it requires a custom domain matching your application domain, and some browsers might block the required cookies in the cross-domain conversation). Unlike to /oauth/ro endpoint, cross-origin authentication ends in a redirection to finish the authorization part of the transaction, so there will be a page refresh.

If you are building a native application, you can use Passwordless through Universal login, i.e. browser-based authentication, where the app opens the device native browser to do the authentication part.