Auth0 Home Blog Docs

Problems with passwordless links

passwordless

#1

We’re sending people passwordless links in the usual way, but not everyone manages to use them successfully.

I’ve not had problems myself despite numerous attempts to replicate, but others predictably fail. When they follow the links, they end up with an error “Wrong email or verification code” in the redirection URL. I’ve not found a pattern yet to explain why it might be happening - any ideas?

I know this is the same error that happens if you use a link twice, but the users haven’t done that, this is on first click. Are there email filters, etc that might be causing the link to be followed early and hence broken once it gets to the user?


#2

Are you still seeing this? If so, can you share the code you’re using to send passwordless links (without any sensitive info)?


#3

We have the same exact issue.
Our code is not very exiting, but here it is (hope it is the snippet you are looking for @jeremy.meiss - tell me if not):

webAuth.passwordlessStart({
connection: 'email',
send: 'link',
email,
  }, (err) => {
if (err) {
  console.error('Could not initiate passwordless start', err);
  // do stuff.
} else {

}
  });

#4

Argh, that posted before I had formatted it. I suppose you’ll be able to see the gist of it though.


#5

Same problem here, with the same way to send passwordless links.

If it helps, the returned authorization fragment is https://{origin}/authorise#error=unauthorized&error_description=Wrong%20email%20or%20verification%20code.&state=wZpE~0xy.rQXxb1sQ.CGJAL8f0ERDiMk


#6

That error would seem to suggest maybe an expired verification code?


#7

Hello - we worked out the problem. The passwordless link was indeed expired.

However it tripped us up because the iOS simulator doesn’t synchronise clipboards right away. So we wasted a morning copying and pasting links from our desktop email clients to the iOS web app to test - and sometimes we’d paste the old link without realising! :frowning: