Using Auth0 Passwordless Email Connection

Hi there,

Has anyone successfully managed to implement Auth0 Passwordless (via email) with 8base?

I’m struggling on to how/when the user needs to be created and then linked to a new user entry in 8base.

Any input? Maybe @akinduko @sebastian.scholl


So, after some more testing, I ended up finding the right flow (I think). (It still fails though… :/)

  1. Auth0 - Send a code by email (/passwordless/start)
  2. Auth0 - Authenticate the pair email/code (/oauth/token) and get an id_token
  3. 8base - Run “userSignUpWithToken” with appropriate idToken, authProviderId and user{email}

Here is my graphql mutation:

  mutation($authProfileId: ID!, $email: String!) {
    userSignUpWithToken(authProfileId: $authProfileId, user: { email: $email }) {

That I run as follow:

 await ctx.api
            authProfileId: process.env.AUTH_PROFILE_ID,
            // Tried both solutions seen in the doc
            // authorization: id_token,
            headers: {
              Authorization: `Bearer ${id_token}`,

And it fails returning:

"Email in JWT token doesn't match email passed into mutation."

When clearly the JWT token contains the same email.

Then when testing through Postman manually for the same request, I end up getting a NotAuthorizedError returning:

"You don't have permission to perform this operation"

Any idea @sebastian.scholl on why it may fail? May role settings alter this process flow?

Nevermind, I had a trigger before Users.create which was creating relationships and I guess something.

I’ll come back here to give a clear “How-to Passwordless” someday soon.

Hey @gahabeen - I’ve actually been planning on working out a way to figure out this myself. Hopefully I’ll have something for you soon!

Hey @sebastian.scholl , I actually got it working smoothly.

I’ve set up two custom resolvers: userPasswordlessStart and userPasswordlessLogin.
While the first one simply sends the code/link via email/sms (via Auth0 api), the second accepts an email/code as inputs and does the following:

  • Signs the user in via Auth0 (automatically signup/login depending if user already exists or not)
  • If user already exists in db, simply return the token
  • If use doesn’t exists in db, run signUpWithToken with { authProfileId, email } with { headers: { authorization: "Bearer <id_token>" } }.

That’s simply it.

Right on!

Would love to see more of your approach and work on a tutorial for the flow. Would you be open to sharing your resolvers? (without keys :wink:)

Sure, I’ve quickly put together a gist:

Keep me posted if you’ve got questions.

1 Like

Going to write up a tutorial and give you a shout out!

1 Like