Passwordless authentication does not accept additional parameters

[damianharden]

Checklist

• The issue can be reproduced in the Auth0.swift sample app (or N/A).
• I have looked into the Readme, Examples, and FAQ and have not found a suitable solution or answer.
• I have looked into the API documentation and have not found a suitable solution or answer.
• I have searched the issues and have not found a suitable solution or answer.
• I have searched the Auth0 Community forums and have not found a suitable solution or answer.
• I agree to the terms within the Auth0 Code of Conduct.

Description

I am trying to pass additional parameters to Auth0 during passwordless authentication so that these parameters can be used to drive logic in a Post Login Action.

I have found that setting a parameter via parameters() fails for passwordless authentication (Auth0.authentication().startPasswordless()). However, if I instead call Auth0.webAuth() with a passwordless connection (like sms) and set parameters() for this approach then this does pass through additional parameters that are available in a Post Login Action via event.request.query.

I realise that these are separate calls (Auth0.authentication().startPasswordless() uses the /passwordless/start endpoint to call an API whilst Auth0.webAuth() opens a web view for the /authorize endpoint with the additional parameters appended to it).

Perhaps I am missing something. Can additional parameters be set for passwordless authentication (via Auth0.authentication().startPasswordless()) and if so how are these available in a Post Login Action?

If not:

• what is the intent of the parameters() available to Auth0.authentication().startPasswordless()?
• is passing additional parameters to Auth0 during passwordless authentication on the roadmap?

Reproduction

Call passwordless authentication with Auth0.authentication().startPasswordless():

Auth0
  .authentication()
  .startPasswordless(phoneNumber: mobileNumber, connection: "sms")
  .parameters(["message": "hello world"])
  .start { result in
    switch result {
      case .success:
        // Success
      case .failure(let error):
        // Failure
    }
  }

This call fails with the following error message:

Failed with: the following properties are not allowed: message

Next, call Auth0.webAuth() with a passwordless connection:

Auth0
  .webAuth()
  .connection("sms")
  .audience("https://api.example.com/")
  .scope("openid profile email")
  .useEphemeralSession()
  .parameters(["login_hint": mobileNumber])
  .parameters(["message": "hello world"])
  .start { result in
    switch result {
      case .success(let credentials):
        // Success
      case .failure(let error):
        // Failure
    }
  }

This call succeeds and the message parameter is visible in a Post Login Action via event.request.query.

Additional context

No response

Auth0.swift version

2.5.0

Platform

iOS

Platform version(s)

17.0

Xcode version

15.0.1

Package manager

Swift Package Manager

[Widcket]

Hi @damianharden,

For the parameters to be picked up by the PostLogin action, these should be sent when calling Auth0.webAuth() instead of startPasswordless(phoneNumber:connection:).

[Widcket]

Closing, as I believe the above answers your question. If you have any further questions, please reach out via Slack, as I see you're an Auth0 employee.