OTP received for SMS-based passwordless users created via the management API sometimes does not work

rueben.tiow · July 21, 2023, 6:53pm

Problem statement

OTP received for SMS-based passwordless users created via the management API sometimes does not work.

Cause

When an SMS-based passwordless user is created via the management API, Auth0 sends the SMS before the user is created. If there is a delay in user creation then it’s possible that when the user inputs the received OTP code, the user does not exist and therefore they are informed that their OTP is incorrect.

Solution

The ideal solution is to set phone_verified to true during user creation which will prevent the SMS from being sent. You can then poll the Management API to confirm the user has been created and then manually send the OTP via /passwordless/start endpoint.

Topic		Replies	Views
Auth0 Account Linking & Applications Help management-api , users	4	941	October 20, 2023
Create users in passwordless connection from API using code instead of magic link Help login-experience , signup-prompt-new-experience	6	522	June 20, 2024
Create a password less user without sending sms Help	2	3279	August 7, 2020
Sending transactional sms (eg OTP) to unverified mobile numbers Help login-experience , new-universal-login-experience	2	1306	December 9, 2022
Name not set when create sms passwordless users via API Help management-api , users	2	557	November 28, 2023

OTP received for SMS-based passwordless users created via the management API sometimes does not work

Problem statement

Cause

Solution

Related topics