Passwordless Authentication Workflow Confusion

Hi everyone,

New to the service and trying to figure out a seemingly simple workflow. I have 5 standalone web pages, just plain HTML, JS, CSS. They just have links referencing each other, no front-end server, noback-end, no concept of state.

I am trying to implement passwordless authentication using the lock widget since it seems to be the easiest route. I can trigger the appearance of the lock, users can submit their email address and get the email, and when they click on the link they get redirected to my main page.

Here is my question:

  • How do I validate the user still has a valid auth0 session/token once they have been redirected to my app from the email? I see a “code” & “state” in the URL search string but that doesn’t map to an auth token so I can’t place a getUserInfo() call. I need some identified to place further calls. Having stand alone pages i don’t understand how i could be listening to an event. Any guidance would be appreciated.

I would expect the email to redirect the user to some kind of callback page where I could capture the info and store it for further use. I might have just missed that part, so any info you have regarding where to look would be greatly appreciated.