We’re implementing an auth flow where the first time an email address is used, the user is automatically signed up and logged in without having to do anything. If the same email is then used again, we want to trigger the Auth0 Passwordless flow to verify identity by having the user enter a code sent to their email.
Per the discussion at Automatic login after creating Auth0 user - #7 by mathiasconradt, Auth0’s suggestion to doing this is to fetch the relevant API using Resource Owner Password flow documented at Call Your API Using Resource Owner Password Flow
However, this is not possible, because when we create a user using the management api with the passwordless connection (connection name of email), a password cannot be defined. If you define a password anyway, you’ll get a bad request error.
So, how can we get the user’s access token and ID token when we’ve created the passwordless user using the Auth0 Management API on our backend?