Auth0 Home Blog Docs

Login in with sms pin using /oauth/token endpoint possible?

token
passwordless

#1

In response to:
https://auth0.com/forum/t/user-info-response-incomplete-using-updated-access-toke/5831

Would I also be able to use the /oauth/token endpoint using a password obtained through the passwordless endpoint?
I tried to call /passwordless/start and use the sms pin as the “password” for the /oauth/token endpoint using the realm “passwordless” (also tried “sms”), however it gives me:

{
	"error": "access_denied",
	"error_description": "Unauthorized"
}

Isn’t that a valid flow?


#2

The /oauth/token endpoint does not support the passwordless flow. Instead, you can use the /oauth/ro endpoint, which supports the passwordless sms connection: https://auth0.com/docs/api/authentication#authenticate-user

POST https://tenant.auth0.com/oauth/ro
{
  "client_id": "YOUR_CLIENT_ID",
  "connection": "sms",
  "grant_type": "password",
  "username": "PHONE_NUMBER", 
  "password": "VERIFICATION_CODE", //the verification code
  "scope": "SCOPE"
}

#3

This is no longer possible to do, is it? I’m wanting to do the sms authentication from the server as well, and get the access/id tokens back for that.


#4