Passwordless connection not working for tenants created after Jan 2, 2020

I created a tenant in 2019 that allowed passwordless login and signup. When I create the connection, there is a “try” tab that allows me to test the Twilio credentials I’ve entered for that connection. For my tenant created in 2019, this works fine and the signin works as expected.

However, for my tenant created after January 2, 2020, when I enter the exact same connection information, I get this error when I “try” the connection: “Error! Client authentication is required.”

I did some digging and found that there is a setting in the tenant settings > advanced tab that allows me to enable/disable “Enforce client authentication for passwordless connections.” This option is not available for tenants created after January 2, 2020 (possibly connected to the new passwordless API deployment related to that date). I believe this is the cause of the issue, but I see no way to resolve it from within my account. Anyone have any idea how to fix this so I can use passwordless connections with my new tenants?

Same here; this is critical for us

Hey @konrad.sopala, were you ever able to look into this? I’m currently facing the same issue. Thanks!

We recently introduced a change that requires sending client_secret when starting the flow in confidential clients (e.g. regular webapps as opposed to single page apps). This lets Auth0 authenticate that the API call was made from the right app.
For new tenants, the toggle to disable this behavior is not available.

  1. If you invoke /passwordless/start from a backend (regular web app), start sending the client secret in the body.
  2. If you invoke it from a frontend (single page app), change the Auth0 application’s type to Single Page App. Specifically, the ‘Token Endpoint Authentication Method’ in the application’s settings should be set to ‘None’.

Let us know if you come across any issues.
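The two cases in the reply above, as an added example (not code from Auth0 or from any poster in this thread). It builds the POST to /passwordless/start for an SMS connection and includes the client secret only for a confidential client. The function names, the `auth_method` parameter, and the `connection` and `phone_number` body fields are assumptions based on Auth0's Authentication API and do not appear on this page; domain, client ID and phone number are constructed placeholders.

```python
import json
import urllib.error
import urllib.request


def build_passwordless_start(domain, client_id, phone_number,
                             client_secret=None, auth_method="client_secret_post"):
    """Build (not send) the POST to /passwordless/start for an SMS connection.

    auth_method mirrors the application's 'Token Endpoint Authentication
    Method': "none" for a public client (single page or native app),
    anything else for a confidential client (regular web app).
    """
    body = {
        "client_id": client_id,
        "connection": "sms",          # assumed field name, not on the page
        "phone_number": phone_number,  # assumed field name, not on the page
    }
    if auth_method == "none":
        # Public client: a secret must never be shipped to a browser or device.
        if client_secret is not None:
            raise ValueError("public client must not carry a client secret")
    else:
        # Confidential client: the backend proves which app is calling.
        if not client_secret:
            raise ValueError("confidential client: client_secret is required")
        body["client_secret"] = client_secret
    return urllib.request.Request(
        f"https://{domain}/passwordless/start",
        data=json.dumps(body).encode(),
        headers={"Content-Type": "application/json"},
        method="POST",
    )


def start_passwordless(request):
    """Send the request; return (HTTP status, response text) on success or error."""
    try:
        with urllib.request.urlopen(request, timeout=10) as resp:
            return resp.status, resp.read().decode(errors="replace")
    except urllib.error.HTTPError as err:
        # A confidential client that omits the secret is rejected by the server.
        return err.code, err.read().decode(errors="replace")
```

On the backend, read the secret from the environment or a secret store rather than hard-coding it, and keep it out of request logs.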

Hi @cyrilchapon, @j1315b, @codescribblr

There’s currently a bug that does not let you TRY the passwordless connection for Regular Web Apps if the tenant has the “Enforce client authentication for passwordless connections” field enabled. This is because the call to /passwordless/start that is made from the TRY button does not include the client secret.

New tenants always have that property enabled, and you can’t turn it off, as it’s a security risk. You should not make calls on behalf of confidential clients without providing a client secret.

It’s not a blocking issue, as the call will work for your own code if you provide the client secret.

The TRY button should work if you try it from a Native Application, which is not a confidential client, so it does not require a client secret.

We’ll be fixing the TRY button in the next few weeks.



We’ll let you all know once it’s there!