I am looking to implement passwordless login with a SPA. For project-specific reasons I can not have a redirect, so need to remain on page at all times. Any calls to webAuth.passwordlessLogin redirects to complete the auth process.
Another option is documented here
to manually call POST https://YOUR_AUTH0_DOMAIN/oauth/token but this is not allowed with SPA applications and as expected doing so returns the following error:
- error_description: “Grant type ‘http://auth0.com/oauth/grant-type/passwordless/otp’ not allowed for the client.”
My question is, can I use a “regular web application” app even though I actually have an SPA to enable this feature? I could send the request via my API to not expose the secret.
Currently with an SPA can passwordless login happen without a redirect. From the docs I am assuming no and if so why is this the case?