Hello all,
it is not clear to me if there is a way to use Authentication API for password less login (email, with verification code).
I can send a verification code using /passwordless/start but it looks like the verification endpoint oauth/ro is not accessible anymore, even enabling the “password” grant_type.
Is the documentation (https://auth0.com/docs/api/authentication?http#get-code-or-link ) outdated? About oath/ro, the documentation says that the feature is disabled by default which suggests it can be re-enabled but it does not seems so.
Any alternatives to implement a passwordless authentication via verification code? My use case is an Electron application, where the classic flow for web applications does not work.
Hey there @iamshimil, you can use a passwordess with a verification as discussed in the below article. I see you state you can send the initial verification code but running into issues once past that. I have linked the code snipit on the lock implementation as well to hopefully provide some clarification. Please let me know if this helps you in your quest!
<script src="https://cdn.auth0.com/js/lock/11.6.1/lock.min.js"></script>
<script type="text/javascript">
var lock = new Auth0LockPasswordless('YOUR_CLIENT_ID', 'YOUR_AUTH0_DOMAIN', {
allowedConnections: ['email'], // Should match the Email connection name, it defaults to 'email'
passwordlessMethod: 'code', // If not specified, defaults to 'code'
auth: {
redirectUrl: 'https://YOUR_APP/callback',
responseType: 'token id_token'
}
});
lock.on('authenticated', function(authResult) {
localStorage.setItem('id_token', authResult.idToken);
localStorage.setItem('access_token', authResult.accessToken);
});
function login() {
lock.show();
}
</script>
<a href="javascript:login()">Login</a>
Thanks for your replay. But I have some concern on this
1 ) I don’t want to use Lock implementation
2)My app is not in js. it is in react native
3)We need to make a native application on ReactNative. Authorization should not take place in the browser, but inside the mobile application, there should also be authorization by phone(Twilio)
4)I don’t want to use a browser
I don’t want to use universal login or auth0 Lock. I am able to trigger OTP using the API
like this
fetch(`https://shimil.auth0.com/passwordless/start`, {
method: "POST",
headers: {
"content-type": "application/json"
},
body: JSON.stringify({
client_id: "XXXXXXXXXXXXXXXXXXXXXXXX",
connection: "sms",
phone_number: "+919633898851",
send: "code"
})
})
but after getting OTP I tried to verify the OTP using
fetch(`https://shimil.auth0.com/auth0/ro`, {
method: "POST",
headers: {
Accept: "application/json",
"content-type": "application/json"
},
body: JSON.stringify({
client_id: "XXXXXXXXXX",
connection: "Username-Password-Authentication",
phone_number: to,
code: this.state.otpcode
})
})
in this, I am not able to verify. it is getting Not Found.API is not working,
so my basic requirement is if I verify through OTP that user should list on https://manage.auth0.com/#/users
so please help me with this. I am stuck with this problem for one week
After following up with support, I was able to confirm Passwordless is reliant on Universal Login at this time. At this point embedded lock and Passwordless associations are deprecated.
About oath/ro, the documentation says that the feature is disabled by default which suggests it can be re-enabled but it does not seems so.
This is correct and the case with all new tenants, we are unable to re-enable the oauth/ro feature set.
Sadly, you can send the OTP but you will not be able to verify it manually.
I’m sorry for any confusion this may have caused.
https://auth0.com/docs/api/authentication#authenticate-user
I wanted to touch base and see if you had any additional questions on this subject @iamshimil. Thanks in advance!
This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.