Before I dive into the issue let me explain our use case. We want to collect “some” user information in a login-ish form and then trigger the passwordless flow for logging in our user.
To be precise: we have a shopping experience and right before checkout we display a sign up form with user names (first, last) and of course email address. Then, via an api call we store those and create the user on Auth0.
I’m using nextjs-auth0 for securing my website.
I’ve tried creating the user via POST /v2/users to create and also via POST /passwordless/start and in both scenarios I do get the magic link, however when I press it I end up getting back to our website with a “short” token that I honestly don’t understand what’s for or how it works.
With the same app configurations if I go thru the universal login instead of shooting the api calls manually everything works as expected and nextjs-auth0 recognizes the token / session correctly.
Any hints help in this regard will be greatly appreciated.