Hello i’m having CORS errors when trying to login users using the passwordless auth0 lock widget on hybrid apps with Capacitor (http://capacitor.ionicframework.com) .
I’m sharing the same codebase between mobile and web and in the android version i’m not able to authenticate users.
I have set Allowed Web Origins on my Auth0 application to:
http://localhost
this is my Lock widget configuration :
lock = new Auth0LockPasswordless(config.auth0.clientId, config.auth0.domain, {
autoclose: true,
allowedConnections: [‘sms’],
passwordlessMethod: ‘code’,
auth: {
redirectUrl: config.auth0.callbackUrl,
responseType: ‘token id_token’,
params: {
scope: ‘openid profile email phone’,
audience: config.auth0.audience
},
}
});
logs with the failed login attempt
Summary
Occurred 2 minutes agoat 2019-04-18 13:31:57.664 UTC
Type Failed cross origin authentication
Description Wrong phone number or verification code.
Connection
Application
User
{
“date”: “2019-04-18T13:31:57.664Z”,
“type”: “fcoa”,
“description”: “Wrong phone number or verification code.“,
“connection_id”: “”,
“ip”: “xxxxxxx”,
“user_agent”: “Mozilla/5.0 (Linux; Android 9; Android SDK built for x86 Build/PSR1.180720.075; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/73.0.3683.90 Mobile Safari/537.36",
“details”: {
“body”: {
“client_id”: “xxxxxxxxxxx”,
“username”: “xxxxxxxx”,
“otp”: “940940",
“realm”: “sms”,
“credential_type”: “http://auth0.com/oauth/grant-type/passwordless/otp”
},
“qs”: {},
“connection”: “sms”,
“error”: {
“message”: “Wrong phone number or verification code.“,
“oauthError”: “Wrong phone number or verification code.“,
“type”: “access_denied”,
“uri”: null
}
},
“hostname”: “xxxxxxx.eu.auth0.com”,
“auth0_client”: {
“name”: “lock.js”,
“version”: “11.15.0",
“env”: {
“auth0-js”: “9.10.2”
}
},
“log_id”: “90020190418133157665557656113268763764825518909677371394”
}