passwordless in auth0 is not taking api token during run time but working with same api using manually in sms provider and test case in auth0
Thank you for reaching out to us!
If your Auth0 Passwordless setup works perfectly when tested manually via the SMS provider and also during “Try connection” / “Test” cases in the Auth0 Dashboard, but fails to send or accept the API token/keys at runtime, it is likely that you are encountering one of the following:
-
If you configured a legacy Custom SMS Gateway under your Connection settings, Auth0’s native gateway integration does not support API Keys, Auth Tokens, or Basic Authentication at runtime. It only supports Unauthenticated HTTP requests and JWT (JSON Web Token) authentication. If your SMS provider requires API Key/Token, you must implement a Custom Phone Provider using Auth0 Actions;
-
Ensure you are adhering strictly to the exact Liquid syntax/macros expected by your gateway, or build a lightweight middle-layer proxy to handle the API payload translation between Auth0 and your SMS provider;
-
If the problem is not sending the SMS, but rather that the authentication token returned after submitting the SMS code is rejected by your API backend, check your runtime token parameters. In manual/test environments, Auth0 might successfully validate a code and return a Token. At runtime, however, if your frontend application initiates the passwordless flow without explicitly passing an
audienceparameter in the/authorizeor/oauth/tokenrequest, Auth0 defaults to issuing an opaque/JWE token instead of a standard JWT
Let us know if this helped solve the issues!
Best regards,
Gerald