Passkeys allow you to authenticate securely and they’re easy to integrate using Auth0. But what happens after that? Let’s learn how to list and revoke passkeys using Auth0.
Read more…
Brought to you by @carlastabile
Got questions? Don’t worry; we’re like the cool teachers who encourage asking!
I’ve been running around in circles for hours
-
When AUTH0_DOMAIN is set, the Next.js SDK uses the custom domain for authorization
-
My Account API rejects authorization requests from custom domains with “not accessible through this hostname”, and is pre-configured to use the tenant domain
- Creating a duplicate api using the custom domain as the identifier with the same scopes doesn’t seem to do anything.
-
This blocks managing passkeys (which require My Account API) with a custom domain
I feel like i’m missing several important steps.
I’ve spent half the time staring at an auth0 based 401 when trying to call passkey admin endpoints
And the other half pulling out my hair because regular auth doesn’t work anymore with the config changes I’m trying to make.
The Okta AI chatbot said it was an architectural decision that I can EITHER have a custom auth domain, My Account API, but not both. Which feels like i’m being lied to.