Problem statement
Is there a way to tell whether a passwordless login was performed via a magic link or via a code?
Solution
When using the verification code, context.request.query.auth0Client will be present in the rule context. When using a magic link, the query parameter (auth0Client) is not present.