The Auth0.js v9 Reference suggests using Embedded Login for Passwordless. Why not Universal Login?

Following the Auth0.js v9 Reference, it suggests to first use the webAuth.passwordlessStart function to send the user a code by email and then to use webAuth.passwordlessLogin to complete password authentication and sign them in.

The docs say that passwordlessLogin “Logs in the user by verifying the verification code (OTP) using the cross origin authentication (/co/authenticate) flow”.

So the docs suggest using the passwordlessLogin function, which uses Cross Origin Authentication, which as far as I understand, is Embedded Login and not Universal.

So I must be missing something here. How do I use the SDK to do passwordless login with a custom UI using Universal Login? Do I use something different to webAuth.passwordlessLogin? This page here certainly seems to suggest you can use Universal Login + Custom UI + Auth0.js SDK.

Any pointers would be great because I’m not finding this very obvious in the docs / guides.

@dan.woda or literally anyone at Auth0 - care to answer this for us?

Hi @evp and @chris37,

You can use UL + Custom UI + Auth0.js to do passwordless login.

This doc states how to set it up, what methods to use, and what options.

Have you tried it? Are you seeing any specific errors?

Hey @dan.woda, I did give that a go, however, Auth0.js v9 still does not support PKCE flows (there is a closed GitHub issue from 2019 with customers asking for this - it was closed out in favor of customers using classic login…)

I was able to use webAuth.passwordlessStart along side a custom ui that I build out, and tossed into universal login, however, I found no way to be able to pass in the PKCE-flow parameters when initializing the library with new auth0.WebAuth.

Unfortunately, at least for the projects I am working on, we can’t be constrained to having no customization of the UI as well as no PKCE support, while also being asked to pay for passwordless authentication connections.

@evp,

You should be able to use the PKCE flow from your app to Classic UL, then auth0.js in Classic UL with a custom login form. Is that what you’re doing?