Auth0 Home Blog Docs

Passwordless authentication using api


Hello all,
it is not clear to me if there is a way to use Authentication API for password less login (email, with verification code).
I can send a verification code using /passwordless/start but it looks like the verification endpoint oauth/ro is not accessible anymore, even enabling the “password” grant_type.

Is the documentation ( ) outdated? About oath/ro, the documentation says that the feature is disabled by default which suggests it can be re-enabled but it does not seems so.

Any alternatives to implement a passwordless authentication via verification code? My use case is an Electron application, where the classic flow for web applications does not work.


Hey there @iamshimil, you can use a passwordess with a verification as discussed in the below article. I see you state you can send the initial verification code but running into issues once past that. I have linked the code snipit on the lock implementation as well to hopefully provide some clarification. Please let me know if this helps you in your quest!

<script src=""></script>
<script type="text/javascript">
   var lock = new Auth0LockPasswordless('YOUR_CLIENT_ID', 'YOUR_AUTH0_DOMAIN', {
    allowedConnections: ['email'],           // Should match the Email connection name, it defaults to 'email'     
    passwordlessMethod: 'code',              // If not specified, defaults to 'code'
    auth: {
      redirectUrl: 'https://YOUR_APP/callback',
      responseType: 'token id_token'

  lock.on('authenticated', function(authResult) {
      localStorage.setItem('id_token', authResult.idToken);
      localStorage.setItem('access_token', authResult.accessToken);

  function login() {;
<a href="javascript:login()">Login</a> 

Thanks for your replay. But I have some concern on this

1 ) I don’t want to use Lock implementation
2)My app is not in js. it is in react native
3)We need to make a native application on ReactNative. Authorization should not take place in the browser, but inside the mobile application, there should also be authorization by phone(Twilio)
4)I don’t want to use a browser

I don’t want to use universal login or auth0 Lock. I am able to trigger OTP using the API
like this

 fetch(``, {
    method: "POST",
    headers: {
      "content-type": "application/json"
    body: JSON.stringify({
      connection: "sms",
      phone_number: "+919633898851",
      send: "code"

but after getting OTP I tried to verify the OTP using

fetch(``, {
      method: "POST",
      headers: {
        Accept: "application/json",
        "content-type": "application/json"
      body: JSON.stringify({
        client_id: "XXXXXXXXXX",
        connection: "Username-Password-Authentication",
        phone_number: to,
        code: this.state.otpcode

in this, I am not able to verify. it is getting Not Found.API is not working,

so my basic requirement is if I verify through OTP that user should list on

so please help me with this. I am stuck with this problem for one week


After following up with support, I was able to confirm Passwordless is reliant on Universal Login at this time. At this point embedded lock and Passwordless associations are deprecated.

About oath/ro, the documentation says that the feature is disabled by default which suggests it can be re-enabled but it does not seems so.

This is correct and the case with all new tenants, we are unable to re-enable the oauth/ro feature set.

Sadly, you can send the OTP but you will not be able to verify it manually.

I’m sorry for any confusion this may have caused.


I wanted to touch base and see if you had any additional questions on this subject @iamshimil. Thanks in advance!

closed #7

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.