I have a flow in my app where a user can link their mobile phone to their account i.e. link an sms connection to an email connection. In short, user enters their mobile number, a code is sent via /passwordless/start endpoint. The user then enters the code and a token is obtained via /oauth/ro endpoint.
The /oauth/ro endpoint is now legacy and I would like to switch to the replacement endpoint before heading to production but there doesn’t appear to be one, unless I’m mistaken. The /oauth/token endpoint doesn’t appear to allow passwordless authentication and responds with a 400 “Passwordless authentication is not allowed on this endpoint”’
The /oauth/ro endpoint was deprecated almost 1 year ago and not available to customers since 8th June 2017 I believe. and I imagine mobile linking is a fairly common requirement for applications. How do non-legacy customers implement this?