Id_token not present in TokenSet when logging in with passwordless embedded login email magic link

richardb · June 26, 2024, 2:17pm

Hello,

I am doing a passwordless login with email magic link. The user successfully receives the email, but when the link is clicked, the following error is shown: id_token not present in TokenSet. In the Auth0 Dashboard the monitoring logs show a “Successful Login”. In my node.js/express.js application, this is the authorization part of my request: authorization: {params:{ scope: “openid email profile” }}. How can I fix this issue?

Thanks in advance!

dawid.matuszczyk · June 26, 2024, 3:06pm

Hi @richardb

Welcome back to the Auth0 Community,

If you need to get the Id_token, you need to add that in the responseType in the authorization part of your request.

authorization: {
    params: {
        response_type: 'id_token' // and `token` if you need access token
    }
}

Thanks
Dawid

richardb · June 26, 2024, 3:43pm

Hello,

I am still confused as to why I need the id_token, but I’ve added response_type: ‘id_token token’ to the authorization params of the config to send the email to the user and still get the same issue. This is the callback I get when I click on the link https://domain.auth0app.com/callback#access_token=xxxx&scope=openid&expires_in=7200&token_type=Bearer. I don’t understand why it doesn’t work. I have a universal login in parallel on the same app which works, so I don’t understand why the embedded passwordless doesn’t work.

dawid.matuszczyk · June 26, 2024, 4:20pm

Sorry for the confusion, can you share with me the code snippets, and technology that you are using?

richardb · June 26, 2024, 4:25pm

I am using node.js and express.js. Here is the request to send an email with the magic link:
emailConfig={ method: 'get', maxBodyLength: Infinity, url:https://${process.env.DOMAIN}/passwordless/start`,
headers: {
‘content-type’: ‘application/json’
},
httpAgent: httpagent,
httpsAgent: httpagent,
proxy: false,
data:{
“client_id”:process.env.CLIENT_ID,
“client_secret”:process.env.CLIENT_SECRET,
“connection”: “email”,
“email”:email,
//“authParams”:{“scope”:“openid profile”}
},
authorization: {params:{ scope: “openid email profile”, response_type: ‘id_token token’ }}

        }
        axios.request(emailConfig).then(function (response) {
            console.log(response.data);
            res.redirect(`/emailsent/${email}`)
          }).catch(function (error) {
            console.error(error);
          });

`

dawid.matuszczyk · June 26, 2024, 4:40pm

Hi @richardb

I need a little bit more time to check for more details, but I first noticed that you should be using the POST rather than the GET method.

https://auth0.com/docs/authenticate/passwordless/implement-login/embedded-login/webapps#:~:text=Send%20a%20magic%20link%20via%20email

Topic		Replies	Views
Getting id_token not present in TokenSet on logout Help logout , auth0	4	2224	July 16, 2022
Getting 'Login Required' when attempting silent auth after successful authentication with magic link Help sessions , authentication-sessions	0	1346	November 22, 2022
Auth0 aut0 forward to enterprise IdP and Passwordless Help login-experience , new-universal-login-experience	3	1008	September 17, 2024
"Wrong email or verification code" on Magic Link click Help passwordless	18	9645	November 25, 2020
Passwordless send link from a backend Help classic-universal-login-experience , login-experience	0	13	August 22, 2024

Id_token not present in TokenSet when logging in with passwordless embedded login email magic link

Related Topics