Hi guys,

Basically, I’m trying to allow admins on my site to send emails that will authenticate a user and redirect them so a certain resource on the site. I have tried using the auth0 AuthenticationClient.passwordless.sendEmail which is triggered on my API server when a certain request is called but I am receiving the error below. Any Ideas on how to sort this out?

Tried

• Sending a “random string” (literally) as the nonce in the Passworless Parametes but this returns a token mismatch.
• Sending the link using Auth0s’ try button in https://manage.auth0.com/#/conections/passwordless → email

Passwordless Parameters

Set In https://manage.auth0.com/#/conections/passwordless → email

{
  "response_type": "token id_token",
  "audience": "localhost",
  "scope": "openid"
}

The Function Called on the API Server

const auth0Auth = new AuthenticationClient({
  domain: 'NOPE.eu.auth0.com',
  clientId: 'blahblahblah',
  clientSecret: 'SHHHHHHH'
});
auth0Auth.passwordless.sendEmail({
    email: args.email,
    send: 'link'
})

The Log

{
  "date": "2018-10-21T07:49:45.047Z",
  "type": "f",
  "description": "Missing required parameter: nonce",
  "connection_id": "",
  "ip": "SUPERNOPE",
  "user_agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.67 Safari/537.36",
  "details": {
    "body": {},
    "qs": {
      "scope": "openid",
      "response_type": "token id_token",
      "redirect_uri": "http://localhost:8080/auth/callback",
      "audience": "localhost",
      "verification_code": "585263",
      "connection": "email",
      "client_id": "blahblahblah",
      "email": "william@NOPE.com"
    },
    "error": {
      "message": "Missing required parameter: nonce",
      "oauthError": "invalid_request",
      "type": "request-error"
    }
  },
  "hostname": "NOPE.eu.auth0.com",
  "log_id": "90020181021074945047718983117493180475001845415443169282"
}

Did you try the same request using postman?

curl -X POST
https://**.auth0.com/passwordless/start
-H ‘cache-control: no-cache’
-H ‘content-type: application/x-www-form-urlencoded’
-H ‘postman-token: 18d6d0ad-f3f7-d926-5e0d-1f554081d2d8’
-d ‘client_id=myClientId&connection=email&email=my@email.com&send=link’

This works for me. On clicking on link i was redirected to my callback url with error from one of the rules. But the magic link works.

Sorry, I should have clarified! The link is sent and works but fails when authenticating. Thus I never get redirected to the callback url

{
"error": {
      "message": "Missing required parameter: nonce",
      "oauthError": "invalid_request",
      "type": "request-error"
    }
}

Hey there @Will_i_am when you get a minute can you give this a shot for your passwordless params?

{ 
"response_type": "token id_token", 
"scope": "openid",
"nonce": <RANDOM STRING>
}

This is because OIDC mandates that the id_token issued must have a nonce to prevent against replay attacks. Please let me know if this helps you resolve the issue. Thanks!

Hey @James.Morrison ,
For some reason I am no longer able to edit the Authentication Parameters in Passwordless Connections → Email → Settings

Very Weird!

Are you receiving an error in the development console or is it greyed out? Can you share some more details on what you are seeing? Thanks in advance!

The email template is grayed out understandably as im using Auth0s provider, but the Parameters are not grayed out but they are not editable.

Hi @James.Morrison ,
Any idea why I am no longer able to edit the parameters?

After checking with our team this sounds like it’s being addressed and may see changes at the start of next week. If you don’t mind please follow up with me in this thread on Monday to see if the issue is still present. Thanks!

@James.Morrison Still no luck

I’m sorry to hear that @Will_i_am, I’ll dig in and see if I can find out more about what’s going on and keep you posted. Thanks.

I wanted to touch base and confirm this is not what you are seeing?

54%20PM1162×1224 80.6 KB

For me in the above screenshot the Authentication Parameters text is grayed out and cannot be manipulated. I’m utilizing the latest version of chrome in this sample. Any additional insight would be appreciated, thank you.

After checking with our support department @Will_i_am they were aware of the issue and are currently working on a fix. However it’s important to note, you can add a custom email provider to be able to make custom changes to the Authentication Params as a temporarily work around. I apologize for any confusion.

Thanks for all the help @James.Morrison, do you have an idea when I could expect a fix?

@Will_i_am I am unable to give a firm ETA but I know it’s being actively worked on. Thanks!

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.