I’m in a situation where I’m using auth0-js inside an angular app for passwordless login via the WebAuth.passwordlessStart method. I have set up an action in auth0 during pre-user registration where I would like to receive a parameter off the event or api object for further user verification. More specifically, I have added a recaptcha on the login page and would like to send the recaptcha token through to my pre-user registration action so I can call out to google’s recaptcha verification endpoint inside the action and admit or deny the user based on google’s response. This would ideally happen when calling passwordlessStart instead of passwordlessLogin, but either scenario is acceptable.
Looking at the docs, auth0 doesn’t support recaptcha in passwordless authentication scenarios, but our use case calls for it and wanted to know if there was a way to support this.
We recently updated Lock to add support for captcha on passwordless flows, see here https://github.com/auth0/lock/releases/tag/v11.35.0 so you should just be able to configure it via Security > Attack Protection > Bot Detection:
Since this topic touches Auth0 Actions, quick heads-up that we’re hosting an Ask Me Anything dedicated to Actions with Gaston Danilo Asis Sanchez, Senior Technical Product Manager. We’ll cover practical usage, new capabilities like Transaction Metadata and Actions Types, plus a peek at what’s next.
Submit questions now through Aug 26
Get detailed written answers live on Aug 27, 9–11 AM PT
Earn community points + a badge. If you’re exploring how Actions can streamline your auth flows, this is a great time to get direct guidance from the team. Join the AMA & drop your questions here:August 27 Auth0 Community Ask Me Anything: Actions