Can't validate sms code when Signup is disable on SMS connection

Hey , if I disable signups from SMS passwordless connections i can’t use the method this.auth0.passwordlessStart to signing up users programmatically

when calling the event i’m getting the error :
url: "" , statusCode: 400, code: “bad.connection”, description: “Public signup is disabled”

I would like to validate the users phone with the security code and then create them programmatically, is this possible ? i managed to do it with normal Email connections but not with passwordless


If you disable public signups for a connection then you’ll need to create the user from your own backend through the Management API (!/Users/post_users). I confess I may be missing something around the requirement for validating the phone number given that for an SMS connection if the end-user completes the login then the phone is validated implicitly so you may want to expand on your exact scenario.

thanks for your quick response. currently if I don’t disable Signup for SMS connection , anyone who enter a phone number and validate it on Auth0’s Universal login page a new user account is created. I would like to have control over auth0 user creation while keeping the phone number validation process in place. My signup flow is slightly different to the signin , to be precise, I would also like to send some extra field on signup to post registration process but i haven’t find the way to do it.

That is correct, if signups are available publicly then the completion of the signup/login with a new phone number will lead to the creation of a new user.

If you have a scenario where completely public signups are not adequate than you can achieve your requirements by controlling the signup process through your own back-end. Your back-end would then call the endpoint I mentioned before after it had completed all your criteria to allow the actual signup; the endpoint above would also allow to send additional information (fields) when creating the user.

alright , i think creating a user through my own backend may work , would you mind telling me which endpoint should I call to validate user phone number through the verification code , calling
/api/v2/users would trigger the SMS verification flow for passwordless users ?

I found this docs : which is the one used on Auth0.js sdk but if public signups are not enabled i can’t call it from my backend neither , is there some other endpoint i’m missing to trigger the SMS verification flow ? thanks

still having the same issue , if i disable public signup form SMS connections , i’m not able to call the endpoint to send the SMS with the code to validate the user’s phone number, is there other available API endpoint to trigger the SMS message without creating the user ? thanks

If you first create the user through (!/Users/post_users) and then you call the Authentication API to initiate a passwordless flow then you will be able to meet your requirements because the end-user was already created through an API that is not affected by public signups being disabled.

1 Like