We finally found the solution. After some testing and finding this post:
Steps to implement:
- Request POST https://domain.eu.auth0.com/passwordless/start
with body:
{
  "client_id": "client_id",
  "connection": "email",
  "email": "email",
  "send": "code",
  "authParams": {
    "scope": "openid profile offline_access"
  }
}
Considering you have set up the passwordless connection, you will receive an email.
Now make sure you set up ‘Default Directory’ under tenant settings; set this to “email” to use the email passwordless connection.
Also, enable the password grant type under your application settings → Advanced → Grant Types.
(read the warnings on this page!)
Now you can send the verification code to the following oauth endpoint:
POST https://domain.eu.auth0.com/oauth/token
with body:
{
  "scope": "openid offline_access",
  "response_token": "token",
  "sso": "false",
  "connection": "email",
  "username": "email",
  "password": "verification code",
  "client_id": "client_id",
  "grant_type": "password"
}
Now we can continue implementing this in our app.
Please add this to the documentation pages so the next guy can find it easily.
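The two requests from this post wired into one flow, as an added Python example that is not part of the original post and is not Auth0's own code. The request bodies are copied from the post; the function names, `FakeTenant`, and its code and token values are constructed assumptions so the exchange can run offline.

```python
import json
import urllib.request

TENANT = "https://domain.eu.auth0.com"  # placeholder tenant from the post

def http_post(url, body):
    """Real transport: POST a JSON body and decode the JSON response."""
    req = urllib.request.Request(url, data=json.dumps(body).encode(),
                                 headers={"Content-Type": "application/json"})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)

def start_passwordless(client_id, email, post=http_post):
    """Step 1: ask the tenant to email a verification code."""
    return post(f"{TENANT}/passwordless/start", {
        "client_id": client_id, "connection": "email", "email": email,
        "send": "code",
        "authParams": {"scope": "openid profile offline_access"}})

def exchange_code(client_id, email, code, post=http_post):
    """Step 2: send the code as the 'password' of a password grant."""
    code = code.strip()  # codes pasted from an email often carry whitespace
    if not code:
        raise ValueError("empty verification code")
    tokens = post(f"{TENANT}/oauth/token", {
        "scope": "openid offline_access", "response_token": "token",
        "sso": "false", "connection": "email", "username": email,
        "password": code, "client_id": client_id, "grant_type": "password"})
    if "access_token" not in tokens:
        raise PermissionError(tokens.get("error", "no tokens returned"))
    return tokens

class FakeTenant:
    """Constructed stand-in for the tenant; a code is consumed by one attempt."""
    def __init__(self, code):
        self.code, self.pending, self.calls = code, {}, []
    def post(self, url, body):
        self.calls.append((url, body))
        if url.endswith("/passwordless/start"):
            self.pending[body["email"]] = self.code  # stands in for the email
            return {"email": body["email"]}
        if self.pending.pop(body["username"], None) == body["password"]:
            return {"access_token": "constructed-at", "token_type": "Bearer"}
        return {"error": "invalid_grant"}

def demo():
    tenant = FakeTenant(code="123456")
    start_passwordless("client_id", "user@example.com", post=tenant.post)
    return exchange_code("client_id", "user@example.com", " 123456 ", post=tenant.post)
```

Against a real tenant, omit the `post=` argument so `http_post` is used; an HTTP error status then surfaces as `urllib.error.HTTPError` rather than the `PermissionError` raised for the fake's error body.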