Hi All,

We have been using AuthO’s passwordless verification (sending link using email) with SendGrid email provider for the past few months. However, since 03rd Oct 2019, the magic link/the redirect URL is not being generated.

As per the logs on AuthO, I could see that the parameters are being passed to AuthO from our API but when the end user receives the email, the state and redirect_uri values are missing.

Redirect link:

{% assign id = ‘’ %}
{% assign split = link | split:"&" %}
{% for item in split %}
{% assign pair = item | split:’=’ %}
{% if pair.first == ‘state’ %}
{% assign id = pair.last %}
{% endif %}
{% endfor %}

{% assign redirect = “” | append:application.callbacks.first | append:"?code=" | append:code | append:"&id=" | append:id | append:"&email=" | append:user.email %}

AuthO log(has state and redirect_uri):

AuthO%20log744×229 15.3 KB

Current URL(missing redirect_uri/(application.callback_domain) and state):

I could see two issues in the generated link.

• It is missing {{ application.callback_domain }}.
• The liquid syntax(.first, .last) in email templates are not working.

Expected URL:

Expected%20URL716×196 31.3 KB

Any assistance is much appreciated - thank you in advance.

Thanks,

Merz

Hi @merzzrc,

Welcome to the Auth0 Community Forum!

Did you switch to the New Universal Login Experience?

It does not support passwordless at this time.

If not, we can dive deeper into your issue.

Hope this helps!

Thanks,
Dan

Hi @dan.woda,

Thank you for your reply. We didn’t make any attempts to switch to Universal login(we are not calling Auth0’s /authorize endpoint which triggers Universal Login as per https://auth0.com/docs/universal-login#implement-universal-login)

Happy to share more information if needed.

Thanks,
Merz

@dan.woda I am working with @merzzrc - we have had to disable passwordless authentication as this issue is blocking our users. Are you able to advise if Auth0 are looking into this issue? This was working with no issues until Oct 3, we want to continue to use passwordless but will be forced to look at other options if there is no solution for this issue. Please help!

Hi @brooke,

Sorry for the delayed response. Could you please DM me the the name of your tenant so I can take a look further?

Thanks,
Dan

Can you please DM me a HAR file so I can investigate further?

Hi @dan.woda I think @merzzrc has sent you the HAR file, have you been able to identify the cause of this problem? If there is no way to resolve this issue we will need to review alternate solutions as soon as possible. Any ideas or a progress update would be great!

Hi @brooke,

Sorry for the delay.

The har file I was sent has no passwordless transactions in it. It looks like just a request to a drafts endpoint. Please review the HAR doc I linked above and record the entire authentication transaction so I can take a look.

As a note: we also offer dedicated support in our dev tier. It may be worth considering if you run into problems that are time sensitive like this and it fits your use case.

Thanks,
Dan

@dan.woda - we are very interested in extra support from Auth0, however the pricing table on your site indicates that there is no additional support until Enterprise level. If there is a package at developer level that would provide tech assistance beyond forums I am definitely interested in discussing.

image1114×274 11.4 KB

@brooke,

Dev tier customers should have access to our support team. We recently did a pricing overhaul and I am wondering if it didn’t get added to the pricing page on accident. I will report back.

edit: I am happy to continue working through this, specifically look at that HAR

Hi @dan.woda,

Thank you for looking into this one for us - appreciate your assistance.

Here is what we do; when the request is made to drafts endpoint(which contains user email id), we are making AuthO’s /passwordless/start POST request from backend with below payload:

client_id = our client id,

connection= “email”,

email = user email,

send= “code”,

authParams = (scope= “openid”, state=UUID, redirect_uri=uri)

as per https://auth0.com/docs/api/authentication#get-code-or-link

So I’m not sure if I can record the entire authentication transaction as we are calling AuthO’s API from our backend – please comment on this.

Thanks and Regards,
Merz

Hi @merzzrc @brooke,

I had some more time to dig into this today and reviewed the whole thing from the start.

Just to confirm, this all worked previous to 10/3 and nothing was changed? I cannot get application.callbacks to display, and can’t find a reference to it anywhere. Was this variable working?

Hi @dan.woda,

Thank you for reviewing for us.

We configured the redirect URL(applications.callback) based on https://auth0.com/docs/email/templates#configuring-the-redirect-to-url and yes, it was 100% working perfect till Oct 3rd.

Thanks and Regards,
Merz

@merzzrc,

I am seeing application.callback_domain as an option on the page you linked, but not applications.callback or application.callbacks.

Will you give that a try?

@dan.woda,

Yes, we tried that option too but no luck.

I submitted a request to the engineering team to confirm the behavior. I will report back here.

It looks like there were some changes that were causing this bug. Engineering has rolled out a fix for this and it should be on our stable release tomorrow.

That’s fantastic - thank you for the update, Dan.

Let me know if things are still not working correctly.

Thanks @merzzrc

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.