I’ve spent more time than I care to admit reading through docs as well as other Auth0 Community posts, and I’ve not found a direct answer to my question:
We have a React Native-based application. We currently have integrated passwordless auth (with SMS) via the browser-based method. It works, but the non-native experience puts us at a disadvantage to our biggest competitors. I found the Passwordless section of the Authentication API docs, and was initially excited. Using /passwordless/start and /passwordless/verify, I thought we would be able to get native passwordless working after all. Then my excitement turned to dismay as I tested the flow with Postman. I am able to call /passwordless/start successfully, my phone receives the verification code, but I am not able to get the /passwordless/verify endpoint to return success no matter what I try. Specifically, I receive the following message:
{
“error”: “bad.request”,
“error_description”: “the following properties are not allowed: grant_type,username,password,scope”
}
My request payload looks like this:
{
“client_id”: “{{client_id}}”,
“connection”: “sms”,
“grant_type”: “password”,
“username”: “same phone number from previous step”,
“password”: “code from sms”,
“scope”: “openid”
}
I noticed the following message for the /passwordless/verify endpoint: " This feature is disabled by default for new tenants as of 8 June 2017. Please see Application Grant Types for more information."
However, these docs just take me down a long chain that doesn’t give me a direct answer to my question. Is what I’m trying to accomplish even possible? If it is, how can I do so? If it’s not, why isn’t it?
Thank you,
Matt