Hi,
I’m currently developing a web app (vue.js) with auth0. I’m trying to get the passwordless login to work. The goal is that Sign-Ups are disabled and I can create new users via the management API and the users receive an e-mail with the the magic link.
The current workflow looks like this (all REST):
- Request an API-Token which has access to the management api via the /oauth/token endpoint
- create a new user with the received API-Token via the /api/v2/users endpoint
—> everything works to this point. The user can visit our login page, enter their e-mail and receives a code to login on the login page. That works perfectly, but we want to call the /passwordless/start endpoint of the authentification api so that the user doesn’t have to visit the site, input his e-mail and type in a code. The user should get an e-mail right away with a passwordless-login-link when we create them via the management / auth api of auth0.
What I tried:
3. POST /passwordless/start with body:
{“client_id”:ID_OF_THE_SPA",
“client_secret”:“SECRET_OF_THE_SPA”,
“connection”:“email”,
“email":"MAIL@MAIL.com”,
“send”:“link”
}
→ The user now should get an e-mail with the working magic link. The link looks like this:
https://COMPANYNAME.eu.auth0.com/passwordless/verify_redirect?scope=openid&response_type=token&redirect_uri=https://SPA_URL&verification_code=113634&connection=email&client_id=CLIENT_ID_SPA&email=MY_EMAIL
→ When I click the link it instantly redirects to this:
https://SPA_URL/#/error=unauthorized&error_description=Wrong%20email%20or%20verification%20code.
and the SPA shows a 404.
Any idea why this could happen? Is the workflow I described wrong or not achievable?