we have been using Passwordless with Magic Link, using the /passwordless/start endpoint.
We would like to switch to the Code option (instead of Magic Link), but I see that the /passwordless/verify/ endpoint is disabled/deprecated. How should we use Passwordless with Code through API (so, not through the hosted page)?
we are trying to implement the passwordless flow, but even the playground doesnāt work (getting a 404 when sending the email token)ā¦
Documentation also seems outdated, is that true?
Is there an example of how to implement passwordless? Or at least a list of API call that I can use?
I do get a 200 status when calling /passwordless/verify butā¦ thatās all, iām not getting a access or refresh token
Could you please reply? If we canāt get this working iām afraid we have to look for a different identity providerā¦
Hi @n.bijl, I sent you a direct message in regards to a HAR file request to further investigate the 404 you are experiencing. When you get a chance can you give that a look. The documentation is not currently known to be out of date. If you feel something is missing please let us know so we can add it accordingly.
As far as the Passwordless/verify status question as shared in the linked topic by Lukerollans, below is the quoted answer to that.
Hi @James.Morrison,
iām experiencing the 404 within the playground already, there the /passwordless/verify url is still used. So this is outdatedā¦
If that URL is disabled, then how can we implement passwordless authentication? Please provide a playground where passwordless authentication is working or explain more about how to combine passwordless with the Application Grant Types.
Considering you have setup the passwordless connection you will receive an email.
Now make sure you setup āDefault Directoryā under tenant settings, set this to āemailā to use the email passwordless connection.
Also, enable the password grant type under your application settings ā Advanced ā Grant Types.
(read the warnings on this page!)
Now you can send the verification code to the following oauth endpoint:
POST https://domain.eu.auth0.com/oauth/token
with body:
{
āscopeā:āopenid offline_accessā,
āresponse_tokenā:ātokenā
āssoā:āfalseā
āconnectionā:āemailā
āusernameā:āemailā
āpasswordā: āverification codeā
āclient_idā:āclient_idā
āgrant_typeā:āpasswordā
}
Now we can continue implementing this in our app
Please add this to the documentation pages so the next guy can find it easily.
Iām happy to hear you got it handled @n.bijl and thank you for detailing steps to resolve the challenge. I will look into documenting this into a FAQ for future easy of use. Thanks again for your patience!