Hi there,
I’m working through an embedded implementation of a Passwordless authentication with Flutter.
The overall goal is to authenticate first with SMS and later within the user flow, we want to have a secondary authentication with email.
Both are Passwordless on the same Auth0 Application client.
Here is the current solution:
SMS
-
User authenticates via SMS passwordless hitting the
https://[domain]/passwordless/startend point -
Once the code comes through, I verify the token with the following call to the endpoint
https://[domain]/oauth/token
This call includes defining the following:
audience: https://[doman]/api/v2/scope: openid profile update:current_user_identities
This returns a JWT access token
-
User authenticates via Email passwordless hitting
https://[domain]/passwordless/startend point with the email configuration requesting code -
Submit the email code with the following endpoint:
‘https://[domain]/oauth/token’
This also includes the additional attributes:
audience: https://[doman]/api/v2/scope: 'openid profile update:current_user_identities
Also returns a JWT access token
Link accounts
The goal is to link both SMS account as the primary and Email to be secondary account.
Call the following endpoint:
https://[domain]/api/v2/users/[primary Account user id]/identities
Header Bearer [primary account access token]
The body contains:
link_with: [secondary account access token]
I get the following error as a response
{"statusCode":400,"error":"Bad Request","message":"Invalid token (link_with).","errorCode":"invalid_body"}
I’m probably missing something really obvious, just wanted to get further clarity?
Thanks,
Chris