I’m using auth0.js and I was hoping other users could confirm this limitation as I cannot find it documented anywhere.
As nonce checking is now mandatory it appears to that if a user opens the magic link sent to them in a different browser to the one they used to make the sign in request the sign in will fail with a ‘nonce does not match’ error as the newly opened browser will not have the state and nonce stored. Can anyone confirm this is the case?
Just for a bit of background I have a couple of customers with sites that are mainly viewed in the Facebook app browser. As the magic link they receive will always open in another browser it looks like passwordless will no longer be an option for them.