Auth0 Home Blog Docs

Passwordless with code option fails with CORS


#1

I started with the quickstart with the link option and converted it to use a code instead.

The app is a single page app using the latest auth0-js (version 9.6.1).

Oddly the call to passwordless/start succeeds and I can see the correct access control allow origin header there:

image

However, the call to passwordless/verify does not have the access control allow origin header:

I’d appreciate it if someone can confirm either that I’m doing something wrong or that this is broken on auth0’s end.

Thanks.


#3

:wave: @kyle.reed curious which quickstart are you referring to?

Apologies I hadn’t finished my message - I shall continue here.

Can you ensure you have included your application’s domain URLs in the Allowed Web Origins and Allowed Origins (CORS) fields? Are you using passwordlessVerify() with hosted pages? If so, we should change that method call to use passwordlessLogin() instead.


#4

Re: Quickstart: I stated with the Vue.js passwordless quickstart.

I’m not using hosted pages. The auth-js documentation doesn’t say that this is required.

I’m also not seeing passwordlesslogin here: https://auth0.github.io/auth0.js/global.html#passwordlessStart

Re: Allowed Web Origins, yes absolutely. I don’t think the passwordless/start call would have worked without those settings.

Anyway, I’ve already moved on to another solution now. I couldn’t wait.