When exporting our Auth0 Configuration I noticed the following new entry:
passwordless:
allow_magiclink_verify_without_session: true
According to Auth0’s own documentation magic links aren’t supported by the new universal login. Why is this showing in our config?
I am seeing the same and I can’t seem to find any configuration setting for it on the console:
tenant:
...
universal_login:
...
passwordless:
allow_magiclink_verify_without_session: true
From what I can see, this field is a part of the tenant settings resource, even if it is not currently documented in the Management API Reference.
Since there is no mention of it anywhere in the official docs, it is hard to say what its true purpose is. However, this StackOverflow user seemed confident that it is related to a CSRF patch for the passwordless magic links.
Maybe the Auth0 team will update the docs eventually for us to know.