Why doesn't passwordless authorization count logins?

All my users that authorized via passwordless link have “latest login - never”. But these users successfully uses my app. It confusing me when i try to find such users in management console.

Hi @sergey.linnik,

Welcome to the Community!

I tested this today and was not able to reproduce the behavior. I am seeing a login time after the user first logs in.

Can you give me steps to reproduce the behavior?

Thanks,
Dan

thank you for your reply.

register new user using email/password -> user gets email with passwordless code -> clicks it -> redirects to my app, where verification_code from email uses to authorize the user via auth0 lib.
I see hit in Dashboard as “new sign up”, opens and see “latest login - never”

The user you linked is on a db connection rather than an email passwordless. How are you registering the user? Through the dashboard or through an app? If it is in an app, can you share your login code?

Thanks,
Dan

ok, i connect my colleague, he is front-end developer

We call passwordlessLogin with verification code first:

this.webAuth.passwordlessLogin({
            connection: 'email',
            verificationCode,
            email
        }, (err, res) => {
            err ? s.error(this.getErrorResponse(err as any)) : s.next(res);
            s.complete();
        });

And then after auth code received we do:

this.webAuth.client.oauthToken({
            grantType: 'authorization_code',
            code,
            redirectUri: authConfig.redirectUri
        }, (err, res: auth0.Auth0DecodedHash) => {
            err ? s.error(this.getErrorResponse(err as any)) : s.next(res);
            s.complete();
        });

auth0-js version 9.11.2

I’d like to note.
We use passwordless login together with email/password registration:

  1. user enter email and password on the sign up page
  2. a request for registration and passwordless is sent (the user cannot log in until the email is verified)
  3. the user follows the link and webAuth.passwordlessLogin was called
  4. Also at this moment, the auth0 rule of combining users with the same email is called, and as a result, our user is logged in to the system and he can also enter via email/password next time

also we have custom passwordless link template

https://app.22skills.com/auth0?verify={{ code }}&email={{ user.email }}

The email password user and the passwordless user should be considered seperate users. Are you seeing the email connection (passwordless) user in your user list? It may take a minute to populate.

we understand it. But we need this scenario:

  1. user registers via email/password
  2. gets email with confirmation link
  3. clicks it and automatically logs in to system without entering email/password again
  4. and our “merge users” rule links email and db users into one with two providers
    Auth0 doesn’t have such functionality. So we implement it using custom email with custom link, that uses passwordless authorization under the hood.