Using Passwordless code, through API

Hi,

we have been using Passwordless with Magic Link, using the /passwordless/start endpoint.

We would like to switch to the Code option (instead of Magic Link), but I see that the /passwordless/verify/ endpoint is disabled/deprecated. How should we use Passwordless with Code through API (so, not through the hosted page)?

Thank you
Luca

1 Like

Can someone reply on this?

@luca.rossi

We have a similar issue open here: "passwordless/verify" incorrect documentation?

Once itā€™s resolved it might help you as well

@James.Morrison any news on this?

we are trying to implement the passwordless flow, but even the playground doesnā€™t work (getting a 404 when sending the email token)ā€¦
Documentation also seems outdated, is that true?

Is there an example of how to implement passwordless? Or at least a list of API call that I can use?

I do get a 200 status when calling /passwordless/verify butā€¦ thatā€™s all, iā€™m not getting a access or refresh token :confused:

Could you please reply? If we canā€™t get this working iā€™m afraid we have to look for a different identity providerā€¦

Hi @n.bijl, I sent you a direct message in regards to a HAR file request to further investigate the 404 you are experiencing. When you get a chance can you give that a look. The documentation is not currently known to be out of date. If you feel something is missing please let us know so we can add it accordingly.

As far as the Passwordless/verify status question as shared in the linked topic by Lukerollans, below is the quoted answer to that.

Linking Passwordless documentation as well for context: Passwordless Connections

Hi @James.Morrison,
iā€™m experiencing the 404 within the playground already, there the /passwordless/verify url is still used. So this is outdatedā€¦

If that URL is disabled, then how can we implement passwordless authentication? Please provide a playground where passwordless authentication is working or explain more about how to combine passwordless with the Application Grant Types.

Thanks!

Hi @James.Morrison
could you help us or assign my question to someone else?

If not I think we have no other option than to chose another service to handle authentication/authorization.

Thanks!

We finally found the solution. After some testing and finding this post:

Steps to implement:

  1. Request POST https://domain.eu.auth0.com/passwordless/start
    with body:
    {
    ā€œclient_idā€: ā€œclient_idā€,
    ā€œconnectionā€: ā€œemailā€,
    ā€œemailā€: ā€œemailā€,
    ā€œsendā€: ā€œcodeā€,
    ā€œauthParamsā€: {
    ā€œscopeā€: ā€œopenid profile offline_accessā€
    }
    }

Considering you have setup the passwordless connection you will receive an email.
Now make sure you setup ā€˜Default Directoryā€™ under tenant settings, set this to ā€œemailā€ to use the email passwordless connection.
Also, enable the password grant type under your application settings ā†’ Advanced ā†’ Grant Types.
(read the warnings on this page!)

Now you can send the verification code to the following oauth endpoint:
POST https://domain.eu.auth0.com/oauth/token
with body:
{
ā€œscopeā€:ā€œopenid offline_accessā€,
ā€œresponse_tokenā€:ā€œtokenā€
ā€œssoā€:ā€œfalseā€
ā€œconnectionā€:ā€œemailā€
ā€œusernameā€:ā€œemailā€
ā€œpasswordā€: ā€œverification codeā€
ā€œclient_idā€:ā€œclient_idā€
ā€œgrant_typeā€:ā€œpasswordā€
}

Now we can continue implementing this in our app :slight_smile:
Please add this to the documentation pages so the next guy can find it easily.

Iā€™m happy to hear you got it handled @n.bijl and thank you for detailing steps to resolve the challenge. I will look into documenting this into a FAQ for future easy of use. Thanks again for your patience!

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.

Hi!

This solution is now obsolete. You can find instructions on how to implement this flow here https://auth0.com/docs/connections/passwordless/guides/embedded-login-native

Regards,

Andres

2 Likes

Thanks for the headsup @andres.aguiar!