Help with Passwordless e-mail authentication (All and only of client_id, credential_type, username, otp, realm...)

sirus569 · March 27, 2022, 7:17pm

Hello,

I am following this blog on setting up my react app with a passwordless auth0 flow: Setup Passwordless Authentication with Auth0.

I am trying to get it working on http://localhost:3000 (base url) and have gotten as far as getting an OTP token and trying to authenticate the user (myself) with said token.

I keep running into the error: “Invalid request body. All and only of client_id, credential_type, username, otp, realm are required.”

Searching around, I see that it might be a CORS + 3rd party cookies issue but really cannot figure out what I have missed.

Here’s what I have done:

Double checked my browser allows all 3rd party cookies (Brave:
Version 1.36.122 Chromium: 99.0.4844.88 (Official Build) (arm64)
)
Checked is listed under the following Application Settings:

Allowed Callback URLs: /authorize
Allowed Logout URLs: /logout
Allowed Web Origins:
Allowed Origins (CORS):

Tried different browsers with 3rd party cookies disabled.
I even tried using ‘caddy’ to create a local https proxy for my base url and listed the https proxy in Application Settings.

I’m wondering if there is something obvious I missed or if this just isn’t supported anymore and I’m following an old blog post.

I’m on react v17.0.2.

konrad.sopala · March 28, 2022, 7:57am

Hey there!

Unfortunately we won’t be able to help you as you’re following a resource that is not maintained by Auth0 and we do have no knowledge about it but maybe someone from community will be able to help!

sirus569 · March 28, 2022, 8:24am

Get @konrad.sopala , thanks for getting back to me.

So I get my original instructions were a non-auth0 resource, but if I follow the Auth0 docs here: Auth0.js v9 Reference, I get the same result.

I initialize a webAuth with my client ID, domain, redirect URI, etc. Then start the passwordless process like so:

const variables = { email, connection: "email", send: "code" };
webAuth.passwordlessStart(variables, (err, res) => {
      if (err) {
        reject(err);
      } else {
        resolve(res);
      }
    });

Once I get the code in my e-mail, try to complete the process like so:

return new Promise((resolve, reject) => {
webAuth.passwordlessLogin(
      { email: email, connection: "email", verificationCode: otp },
      (err) => {
        if (err) {
          reject(err);
        } else {
          resolve();
        }
      }
    );
  });

Every single time, my promise is rejected and the error from auth0 is printed to the console.

So regardless of if I my blog or the auth0 instructions, I get the same error.