Auth0 Home Blog Docs

Passwordless authentication using api

auth0
api
#1

Hello all,
it is not clear to me if there is a way to use Authentication API for password less login (email, with verification code).
I can send a verification code using /passwordless/start but it looks like the verification endpoint oauth/ro is not accessible anymore, even enabling the “password” grant_type.

Is the documentation (https://auth0.com/docs/api/authentication?http#get-code-or-link ) outdated? About oath/ro, the documentation says that the feature is disabled by default which suggests it can be re-enabled but it does not seems so.

Any alternatives to implement a passwordless authentication via verification code? My use case is an Electron application, where the classic flow for web applications does not work.

#3

Hey there @iamshimil, you can use a passwordess with a verification as discussed in the below article. I see you state you can send the initial verification code but running into issues once past that. I have linked the code snipit on the lock implementation as well to hopefully provide some clarification. Please let me know if this helps you in your quest!

<script src="https://cdn.auth0.com/js/lock/11.6.1/lock.min.js"></script>
<script type="text/javascript">
   var lock = new Auth0LockPasswordless('YOUR_CLIENT_ID', 'YOUR_AUTH0_DOMAIN', {
    allowedConnections: ['email'],           // Should match the Email connection name, it defaults to 'email'     
    passwordlessMethod: 'code',              // If not specified, defaults to 'code'
    auth: {
      redirectUrl: 'https://YOUR_APP/callback',
      responseType: 'token id_token'
    }
  });

  lock.on('authenticated', function(authResult) {
      localStorage.setItem('id_token', authResult.idToken);
      localStorage.setItem('access_token', authResult.accessToken);
  });

  function login() {
      lock.show();
  }
</script>
<a href="javascript:login()">Login</a> 
#4

Thanks for your replay. But I have some concern on this

1 ) I don’t want to use Lock implementation
2)My app is not in js. it is in react native
3)We need to make a native application on ReactNative. Authorization should not take place in the browser, but inside the mobile application, there should also be authorization by phone(Twilio)
4)I don’t want to use a browser

I don’t want to use universal login or auth0 Lock. I am able to trigger OTP using the API
like this

 fetch(`https://shimil.auth0.com/passwordless/start`, {
    method: "POST",
    headers: {
      "content-type": "application/json"
        },
    body: JSON.stringify({
      client_id: "XXXXXXXXXXXXXXXXXXXXXXXX",
      connection: "sms",
      phone_number: "+919633898851",
      send: "code"
})
})

but after getting OTP I tried to verify the OTP using

fetch(`https://shimil.auth0.com/auth0/ro`, {
      method: "POST",
      headers: {
        Accept: "application/json",
        "content-type": "application/json"
            },
      body: JSON.stringify({
        client_id: "XXXXXXXXXX",
        connection: "Username-Password-Authentication",
        phone_number: to,
        code: this.state.otpcode
      })
})

in this, I am not able to verify. it is getting Not Found.API is not working,

so my basic requirement is if I verify through OTP that user should list on https://manage.auth0.com/#/users

so please help me with this. I am stuck with this problem for one week

#5

After following up with support, I was able to confirm Passwordless is reliant on Universal Login at this time. At this point embedded lock and Passwordless associations are deprecated.

About oath/ro, the documentation says that the feature is disabled by default which suggests it can be re-enabled but it does not seems so.

This is correct and the case with all new tenants, we are unable to re-enable the oauth/ro feature set.

Sadly, you can send the OTP but you will not be able to verify it manually.

I’m sorry for any confusion this may have caused.

#6

I wanted to touch base and see if you had any additional questions on this subject @iamshimil. Thanks in advance!

closed #7

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.