I am using the embedded login version and wish to implement the passwordless (OTP via email) approach in my backend application (Node.js) for user login. My backend is set up as a machine-to-machine application in Auth0, but I am unable to find the option to toggle on the OTP grant type in the advanced settings.
I tried updating the grant types as per the instructions in this documentation. However, I keep encountering the error message:
'Invalid grant types: http://auth0.com/oauth/grant-type/passwordless/otp'
I tried also the AuthenticationClient class from the auth0 node.js library.
I instantiated the object with my domain, clientId and clientSecret. Then called the signIn method such as:
return await auth.passwordless?.signIn({
username: email,
otp: code,
realm: 'email',
audience: config.getOrThrow('AUTH0_AUDIENCE'),
});
However, this approach gave me the error message:
"{\"error\":\"unauthorized_client\",\"error_description\":\"Grant type 'http://auth0.com/oauth/grant-type/passwordless/otp' not allowed for the client.\",\"error_uri\":\"https://auth0.com/docs/clients/client-grant-types\"}",
I have extensively reviewed the available documentation but have not found a solution to my issue, which seems like a common type of login.
Do you have any thoughts on how to resolve this?