How to Pass the Client IP to /passwordless/start

konrad.sopala · January 4, 2024, 12:28pm

Problem statement

How to send the client IP address in a /passwordless/start request from a backend server on behalf of clients so that the backend server IP address is not used?

Solution

Use the following steps:

Use a regular web or m2m application. The client secret can be stored securely on the backend server and passed into the request.
On the application configuration in the Auth0 dashboard under Advanced Settings, ensure the setting Trust Token Endpoint IP Header is enabled in the OAuth tab.

In the /passwordless/start request, include the header auth0-forwarded-for containing the client IP. For example:

curl --header "auth0-forwarded-for: x.x.x.x" --request POST \
  --url 'https://DOMAIN/passwordless/start'; \
  --header 'content-type: application/json' \
  --data '{"client_id":"CLIENT_ID", "client_secret":"CLIENT_SECRET", "connection":"sms", "phone_number":"+44123456789", "send":"code", "authParams":{"scope": "openid"}}'

Related docs

Topic		Replies	Views
Bug: Trust Token Endpoint IP Header Not working Help auth0 , login , ip , header	0	3643	June 4, 2019
IP Contained in 'auth0-forwarded-for' Not Shown in Logs Knowledge Articles anomaly-detection , resource-owner-passw	1	1934	January 27, 2023
IP field in auth0 logs does not show client IP when using server api calls Help logs , grants , client-metadata , ip	8	7137	March 2, 2018
Trying to use node-auth0 management api. Help with client setup please Help management-api , users	2	1560	October 9, 2023
Authenticating user from hardcode (config) username and password Help api , login	9	3838	December 6, 2019

How to Pass the Client IP to /passwordless/start

Problem statement

Solution

Related topics