Documentation Index
Fetch the complete documentation index at: https://auth0-feat-authentication-api-migration.mintlify.app/llms.txt
Use this file to discover all available pages before exploring further.
POST /oauth/token
Once you have a verification code, use this endpoint to login the user with their phone number/email and verification code.
Remarks
- The
grant_typeshould behttp://auth0.com/oauth/grant-type/passwordless/otp. - The
client_idof your application is required. - The
usernameis either the user’s phone number (ifrealm=sms) or the user’s email (ifrealm=email). - The
realmmust be eithersmsoremail, matching the POST /passwordless/start request. - The
otpshould be the user’s verification code. - The
redirect_uriis a required callback URL that must be registered in your application’s Allowed Callback URLs.
Learn More
Parameters
A DPoP proof for the request. This is optional and only required if your application uses Demonstrating Proof-of-Possession.
Request Body
The client_id of your application.
The client_secret of your application. Required for Regular Web Applications only.
The user’s verification code.
Should match the connection used.Allowed values:
email, smsThe user’s phone number or email.
API Identifier of the API for which you want to get an Access Token.
The identifier of the target API (resource server) you want to access. Must match an API Identifier registered in your Auth0 tenant. Used as an alternative to
audience when the tenant’s Resource Parameter Compatibility Profile is set to compatibility.Use openid to get an ID Token.
A callback URL that has been registered with your application’s Allowed Callback URLs.
Response
| Status | Description |
|---|---|
| 200 | User authenticated successfully. |
| 400 | Bad Request. Invalid parameters. |
| 401 | Unauthorized. Invalid credentials. |