Using Passwordless code, through API

We finally found the solution. After some testing and finding this post:

Steps to implement:

  1. Request POST https://domain.eu.auth0.com/passwordless/start
    with body:
    {
    “client_id”: “client_id”,
    “connection”: “email”,
    “email”: “email”,
    “send”: “code”,
    “authParams”: {
    “scope”: “openid profile offline_access”
    }
    }

Considering you have setup the passwordless connection you will receive an email.
Now make sure you setup ‘Default Directory’ under tenant settings, set this to “email” to use the email passwordless connection.
Also, enable the password grant type under your application settings → Advanced → Grant Types.
(read the warnings on this page!)

Now you can send the verification code to the following oauth endpoint:
POST https://domain.eu.auth0.com/oauth/token
with body:
{
“scope”:“openid offline_access”,
“response_token”:“token”
“sso”:“false”
“connection”:“email”
“username”:“email
“password”: “verification code
“client_id”:“client_id
“grant_type”:“password”
}

Now we can continue implementing this in our app :slight_smile:
Please add this to the documentation pages so the next guy can find it easily.