To use the Embedded APIs in Native applications, make sure you enable the Passwordless OTP grant at Auth0 Dashboard > Applications > Applications in your application’s settings under Advanced Settings > Grant Types. Passwordless authentication for Native applications consists of two steps:
  • Capture the user identifier in your application (the user’s email or phone number) and invoke the /passwordless/start endpoint to initiate the passwordless flow. The user will get an email or an SMS with a one-time password.
  • Prompt the user for the one-time-use code, and call the /oauth/token endpoint to get authentication tokens.
Below we list a few code snippets that can be used to call these API endpoints for different scenarios. Send a one-time-use password via email 
curl --request POST \
  --url 'https://{yourDomain}/passwordless/start' \
  --header 'content-type: application/json' \
  --data '{"client_id": "{yourClientId}",  "connection": "email",   "email": "USER_EMAIL",  "send": "code"}'
Send a magic link via email 
curl --request POST \
  --url 'https://{yourDomain}/passwordless/start' \
  --header 'content-type: application/json' \
  --data '{ "client_id": "{yourClientId}", "connection": "email", "email": "USER_EMAIL", "send": "link"}'
Send a one-time-use password via SMS 
curl --request POST \
  --url 'https://{yourDomain}/passwordless/start' \
  --header 'content-type: application/json' \
  --data '{ "client_id": "{yourClientId}",  "connection": "sms",  "phone_number": "USER_PHONE_NUMBER", "send": "code"}'
Authenticate an SMS user 
curl --request POST \
  --url 'https://{yourDomain}/oauth/token' \
  --header 'content-type: application/json' \
  --data '{ "grant_type": "http://auth0.com/oauth/grant-type/passwordless/otp",  "client_id": "{yourClientId}",  "username": "USER_PHONE_NUMBER",  "otp": "code",  "realm": "sms", "audience": "your-api-audience", "scope": "openid profile email"}'
Authenticate an Email user 
curl --request POST \
  --url 'https://{yourDomain}/oauth/token' \
  --header 'content-type: application/json' \
  --data '{"grant_type": "http://auth0.com/oauth/grant-type/passwordless/otp", "client_id": "{yourClientId}", "username": "USER_EMAIL", "otp": "code", "realm": "email", "audience": "your-api-audience", "scope": "openid profile email"}'
If you prefer, you can use the Android or iOS SDKs, which wrap this APIs in a platform-friendly way: