Login impossibe after disabling Legacy Lock API

although our developer confirmed “We’re certainly not using an old (or any) version of Lock screen.” our login process does not work anymore as soon as we switch off the Legacy Lock API.
As soon as switched off the login failes with the “incorrect credentials” message. Switching it back on immediately brings login back to life.

Can anyone help me to find our what we need to do to be ablte to switch off the Legacy Lock API?


can anyone help with this?

Not sure if I can help, but wondering if you can give some more info on your implementation.

I thought I was not using the older lock, but apparently I was because it tries to make calls to a geolocation api endpoint or something that gave a hint that something was weird.

What do you see in the network tab in chrome devtools when it’s not working?

Unfortunately I am not the one who developed this part of our App,
can you help me to provide you with sufficient detail so you can judge. What is it you need to know to be able to say what might be the issue?

chrome dev tools thows an “Unauthorized” on /auth/login when trying to signin…

One thing was in my case I was directly calling passwordlessVerify instead of passwordlessLogin

is there any more info in the error message? any more about the response from the server?

is there anything specific in my codebase that I can search for to find out whether we are using passwordlessVarify or -Login?

Here is a sreenshot from the error in dev tools:

we get these two events in the auth0 logs when legacy lock api is disabled and a login fails:

this issue has now been solved by one of our developers. thanks for your support!

Hi pododesk,
We have the same issue as yours. Could you please be a bit more specific about how you solved this?
Best regards,

Hi again,
We solved this by completing the “Allowed Web Origins” of our application.
Hope this will help!
See ya

in the end we needed to migrate to the hosted login page.