/oauth2/token endpoint and passwordless login

I am trying to create a passwordless login (sms and email) in a react-native app without redirection to the hosted page. The /password/start endpoint works fine for both sms and email and send a code. The verify code the /oauth/ro has been deprecated in favor of //oauth/token.

Using the “Resource Owner Password” Grant type on /oauth/token I the following issue:

  • If I specify a grant type of http://auth0.com/oauth/grant-type/password-realmwith the username and password set correctly and then specify a realm of email (or sms) I get a "Passwordless authentication is not allowed on this endpoint." error.
  • If I use a grant_type of password I get a ""Authorization server not configured with default connection." error. I can prevent this error by setting a default type in my tenant setting but then I cannot present both email and sms types to the user!

I would like to avoid using /oauth/ro since it is considered legacy (fortunately, I at least have that as a fallback option since I have been a tenant before the restriction on legacy went up).

How can i use the /oauth2/token endpoint with passwordless authentication with either sms and email?

1 Like

At this time there is no support for verification of passwordless verification codes at the /oauth/token endpoint. This possibility is something that I’ve seen discussed, but at this time I don’t have any definitive information about how/when will this be made available.

For subscriptions that have available the legacy grant types the /oauth/ro endpoint would indeed be an alternative, however, the general recommendation would be to make use of passwordless through the hosted login page.