Passwordless SMS: trying to log back in with an active session, "no phone_number or verification code"

Hi, @konrad.sopala,

Thanks for escalating this issue. This has become a blocker for us. Here is some additional information on how I’m experiencing this problem. No code/tenant configuration has changed.

I’m constructing an AuthorizationUrl via the BuildAuthorizationUrl() method provided by the AuthenticationApiClient, as shown below:

        string url = _authenticationApiClient.BuildAuthorizationUrl()
            .WithResponseType(AuthorizationResponseType.Code)
            .WithClient("Client identifier")
            .WithRedirectUrl("the endpoint that I should be redirected to.")
            .WithScope("openid")
            .WithValue("prompt","login") 
            .WithValue("login_hint", "email address passed as login hint") 
            .Build().ToString();

        return Redirect(url);

The behavior before I experienced the issue was that the redirect would take me to the Auth0 login page as expected by passing through the prompt=login parameter. Once I completed that stage I would then be redirected back to the redirect Url specified.

But now, I am not presented with the login page; instead, an error is being returned indicating a failure at the authorization endpoint.

The Auth0 logs for the tenant show the following. (See main error in bold)

    {
      "date": "2019-02-14T17:16:37.061Z",
      "type": "f",
      "description": "no email or no verification_code provided",
      "connection_id": "",
      "client_id": "SENSITIVE INFORMATION",
      "client_name": "SENSITIVE INFORMATION",
      "ip": "SENSITIVE INFORMATION",
      "user_agent": "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.0.3626.109 Safari/537.36",
      "details": {
        "body": {},
        "qs": {
          "response_type": "code",
          "client_id": "SENSITIVE INFORMATION",
          "redirect_uri": "SENSITIVE INFORMATION",
          "scope": "openid",
          "prompt": "login",
          "login_hint": "SENSITIVE INFORMATION"
        },
        "error": {
          "message": "no email or no verification_code provided",
          "oauthError": "access_denied",
          "type": "oauth-authorization"
        },
        "session_id": "mFL-1ZS4AlqRJHWVLwtxs4kF8JVAZ-cM"
      },
      "hostname": "SENSITIVE INFORMATION",
      "user_id": "SENSITIVE INFORMATION",
      "user_name": "SENSITIVE INFORMATION",
      "audience": "https://SENSITIVE INFORMATION/userinfo",
      "scope": [
        "openid"
      ],
      "log_id": "90020190214171637061851047972789516372534476022451535874"
    }

2 Likes
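
An added example, not part of the original post and not Auth0's own tooling: one way to find every occurrence of this failure in exported tenant logs, keyed on the fields visible in the entry above (`type`, `details.error`, `details.qs`, `details.session_id`). The sample events are constructed, and the function names `triage` and `count_by_client` are hypothetical.

```python
import json
import re
from collections import Counter

# Constructed sample events; field names follow the tenant log entry in the post.
SAMPLE_EVENTS = json.loads("""[
  {"log_id": "constructed-1", "date": "2019-02-14T17:16:37.061Z", "type": "f",
   "client_id": "client-a",
   "details": {"qs": {"response_type": "code", "scope": "openid",
                      "prompt": "login", "login_hint": "user@example.com"},
               "error": {"message": "no email or no verification_code provided",
                         "oauthError": "access_denied", "type": "oauth-authorization"},
               "session_id": "constructed-session"}},
  {"log_id": "constructed-2", "date": "2019-02-14T17:20:00.000Z", "type": "s",
   "client_id": "client-a", "details": {"qs": {"prompt": "login"}}},
  {"log_id": "constructed-3", "date": "2019-02-14T17:25:00.000Z", "type": "f",
   "client_id": "client-b",
   "details": {"qs": {"response_type": "code"},
               "error": {"message": "no phone_number or verification code",
                         "oauthError": "access_denied", "type": "oauth-authorization"}}}
]""")

# Matches both wordings seen on the page: "verification_code" and "verification code".
MISSING_CODE = re.compile(r"verification[_ ]code", re.IGNORECASE)

def triage(events):
    """Return one finding per failed authorization event with the passwordless error."""
    findings = []
    for event in events:
        details = event.get("details") or {}
        error = details.get("error") or {}
        if event.get("type") != "f" or error.get("type") != "oauth-authorization":
            continue
        if not MISSING_CODE.search(error.get("message", "")):
            continue
        qs = details.get("qs") or {}
        findings.append({
            "log_id": event.get("log_id"),
            "client_id": event.get("client_id"),
            "oauth_error": error.get("oauthError"),
            "forced_login": qs.get("prompt") == "login",     # request carried prompt=login
            "had_session": bool(details.get("session_id")),  # a session already existed
            "has_login_hint": "login_hint" in qs,
        })
    return findings

def count_by_client(findings):
    """Count findings per client, split by whether a session already existed."""
    return Counter((f["client_id"], f["had_session"]) for f in findings)
```

Findings with both `forced_login` and `had_session` set are the ones that match the situation in this thread: a `prompt=login` request arriving while a session is still active.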