Hello experts, I am looking at the embedded login option. Embedded Login. It mentions " If you decide to use Embedded Login, you must… or call the Auth0 Authentication API directly." I am not quite sure I understand what API I should call in this case. Can I call an API to validate username and password or does this only apply to passwordless?. Thanks
Hi @fedelists,
Welcome to the Auth0 Community and sorry for the late reply.
Our documentation presents only the options of configuring a passwordless authentication flow since that is a little easier than setting the username-password one.
The answer to your question is definitely yes, you can use the Embedded Login to implement a username-password login flow, but please also consider the security risks involved, alongside with making sure that Cross-Origin Resource Sharing is implemented correctly within your configuration, so that is why Auth0 strongly recommends using the Universal Login for this scenario, as details in our documentation about Centralized Universal Login vs. Embedded Login.
I hope this helped.
Thanks,
Remus
This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.