Hi Auth0 Community,
We’re encountering issues with passwordless login (code-based) using a custom email provider (SendGrid via API) in our EU tenant.ifying_glass_tilted_right: First try searching for your answer.
Issue 1: Email Code Delivery Delays Leading to Expired Logins
- Auth0 logs show the email code was “sent” (
type: cls
) at T₀. - SendGrid logs show the same message was processed ~2.5 minutes after T₀.
- Emails arrive promptly after SendGrid processes them, but by that time, the one-time login code is already expired.
- This delay happens even under low system load.
- We’ve updated the passwordless code expiration time to mitigate the issue, but this seems like a workaround rather than a fix.
We suspect there may be queuing or throttling within Auth0 before the message is handed off to SendGrid.
Issue 2: Emails Marked as Sent by Auth0 but Missing in SendGrid
In a few instances:
- Auth0 logs (
type: cls
) indicate that the code email was sent. - However, the corresponding email does not appear in SendGrid analytics (no processed, delivered, or bounced events).
- The affected addresses are not suppressed, bounced, or invalid in SendGrid.
- No
email_sending_failed
orfapi
logs were present in Auth0 for those cases.
This suggests a possible silent failure or drop between Auth0 and SendGrid, despite the successful cls
log entry.
Summary of Actions Taken
- Confirmed SendGrid API integration is active and responsive.
- Checked for suppression/bounce issues — none found for affected recipients.
- Verified that
email_sending_failed
logs are absent in these cases. - Increased the passwordless code TTL, which reduces the impact of delay but does not address root cause.
Questions
- Could Auth0 be internally delaying or queuing emails before sending to SendGrid?
- Are there cases where an email could be marked as sent (
cls
) but never reach the email provider? - Are there known issues or limitations when using SendGrid via API for passwordless code flows?
- Is there a way to enable more visibility into the email sending process (e.g., pre-send logs, retries, failures)?
I’d appreciate any insights or guidance to help me resolve this or improve reliability and observability of my passwordless login emails.
Thanks in advance!
—
Ilya