A REST based API is configured with only one scope api in dashboard
Only passwordless connections, email and SMS, are enabled
SMS connection is setup with a Twilio account
I have successfully used Lock.Android package to create a PasswordlessLockActivity, authenticate using SMS/Email and receive the id_token and refresh_token for the same.
However, I have tried a bunch of different things to retrieve an access_token for my configured API.
I have tried the following
My successful PasswordlessLock Activity had audience as API with appropriate scope but only Authentication happened, no Authorization for API or access token.
Tried LockActivity to fetch token but getting an error which says
Can’t resolve your request
There was an unexpected error while resolving the login box
configuration, please contact support
Created a regular web app client and redirected to /authorize endpoint. The page showed the following error message (after correctly redirecting to login page with my web app’s name)
Something went wrong. Please contact
technical support.
According to the documentation, at this time, the use of passwordless authentication in conjunction with API authorization features is not possible.
Auth0 currently does not support an OIDC-conformant passwordless authentication mechanism. OIDC-conformant clients will not be able to use the new authentication pipeline or request API access tokens.
We plan on implementing OIDC-conformant passwordless authentication in future releases.
I hope to see this feature in the future. My current option seem to be to use the id_token to protect the API since I don’t care for scopes in the immediate future.
I hope to see this feature in the future. My current option seem to be to use the id_token to protect the API since I don’t care for scopes in the immediate future.
I’m afraid that no, there’s not yet a definitive timeline and me trying to provide one would just lead to either the feature being released a bit earlier then what I mentioned and no one caring about my failed prediction or it only being released after my prediction and everyone complaining about it. We do understand that this is something with demand, but as mentioned at this time there’s still no concrete date.