# Use Auth0 Passwordless (Magic Link)

This guide explains how to set up passwordless authentication using Auth0's Email Magic Link feature with Limio. This is ideal for customers who want a frictionless login experience without passwords but don't have an existing Identity Provider (IdP) that supports magic links.

> **Looking for standard Auth0 SSO?** If you want traditional username/password authentication with Auth0, see [Use Auth0 with Limio for Customers](/product/authentication/sso-your-authentication/use-auth0-with-limio-for-customers.md).

## How Magic Link Authentication Works

When a user enters their email address on your Limio shop:

1. Auth0 sends an email containing a unique, time-limited link
2. The user clicks the link in their email
3. Auth0 authenticates the user and redirects them back to Limio
4. The user is logged in without entering a password

> **Important Browser Requirement**: The user must click the magic link in the same browser where they initiated the login request. This is particularly important for iOS users, as Safari is the default browser for opening email links and cannot be changed.

## Prerequisites

* An Auth0 account with access to the Auth0 Dashboard
* Auth0 Classic Login enabled (Universal Login does not support Magic Links)
* A custom email domain configured in Auth0 (recommended for production)

## Auth0 Configuration

### Step 1: Create an Application

In the Auth0 Dashboard, create a new Application (or use an existing one) and configure the following under **Settings**:

**Application Login URI:**

```
https://{limio-tenant}-shop.prod.limio.com/api/sf
```

**Allowed Callback URLs:**

```
https://{limio-tenant}-shop.prod.limio.com/api/sf
```

**Allowed Logout URLs:**

```
https://{limio-tenant}-shop.prod.limio.com/api/sf/logout
```

### Step 2: Enable Passwordless Email

1. Navigate to **Authentication > Passwordless** in the Auth0 Dashboard
2. Toggle **Email** to enabled
3. Click on the **Email** connection to configure it:
   * Select **Link** as the authentication method
   * Customise the email **From Address**, **Subject**, and **Message** as needed

### Step 3: Enable for Your Application

1. In **Authentication > Passwordless**, click the **Email** connection
2. Go to the **Applications** tab
3. Enable passwordless for your Limio application

### Step 4: Configure Email Provider (Production)

For production use, configure an external SMTP provider instead of Auth0's default:

1. Go to **Branding > Email Provider**
2. Configure one of the supported providers:
   * SendGrid
   * Amazon SES
   * Mailgun
   * Mandrill
   * SparkPost
   * Custom SMTP

## Limio Configuration

Go to **Settings > Authentication > OpenID Connect** and provide the following:

**Provider Name**\
An arbitrary name to identify the authentication mechanism, e.g., `auth0-passwordless-{limio-tenant}`.

**Issuer Name**\
The Issuer URL from Auth0: `https://{auth0-tenant}.auth0.com/` (include `https://` and the trailing `/`)

**Client ID**\
The Client ID from your Auth0 Application settings.

**Client Secret**\
The Client Secret from your Auth0 Application settings.

**JWKS URI**\
`https://{auth0-tenant}.auth0.com/.well-known/jwks.json`

**Authorization Endpoint**\
`https://{auth0-tenant}.auth0.com/authorize`

**Token Endpoint**\
`https://{auth0-tenant}.auth0.com/oauth/token`

**Logout Endpoint**\
`https://{auth0-tenant}.auth0.com/v2/logout`

**Token Endpoint Type**\
Set to `Basic`.

**Scope**\
`openid profile email`

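As a pre-flight check for the values above, the following added example (not Limio or Auth0 code) lints a settings dictionary against the URL patterns in this guide. The dictionary keys and the tenant name `tenant-placeholder` are assumptions made for the illustration. The issuer check is strict because an OpenID Connect client compares the configured issuer with the `iss` claim of the ID token exactly.

```python
from urllib.parse import urlsplit

# Endpoint paths this guide lists, relative to the Auth0 tenant host.
EXPECTED_PATHS = {
    "jwks_uri": "/.well-known/jwks.json",
    "authorization_endpoint": "/authorize",
    "token_endpoint": "/oauth/token",
    "logout_endpoint": "/v2/logout",
}
REQUIRED_SCOPES = {"openid", "profile", "email"}


def check_settings(settings):
    """Return a list of problems; the dict keys are hypothetical field names."""
    problems = []
    issuer = urlsplit(settings.get("issuer", ""))
    if issuer.scheme != "https":
        problems.append("issuer must start with https://")
    if issuer.path != "/" or issuer.query or issuer.fragment:
        problems.append("issuer must end with exactly one trailing /")
    for field, path in EXPECTED_PATHS.items():
        url = urlsplit(settings.get(field, ""))
        if url.scheme != "https" or url.netloc != issuer.netloc:
            problems.append(f"{field} must be an https URL on the issuer host")
        elif url.path != path:
            problems.append(f"{field} path should be {path}")
    missing = REQUIRED_SCOPES - set(settings.get("scope", "").split())
    if missing:
        problems.append("scope is missing: " + " ".join(sorted(missing)))
    if settings.get("token_endpoint_type") != "Basic":
        problems.append("token endpoint type must be Basic")
    if not settings.get("client_secret"):
        problems.append("client secret is empty")
    return problems


# Constructed sample values; "tenant-placeholder" is not a real tenant.
BASE = "https://tenant-placeholder.auth0.com"
GOOD = {
    "issuer": BASE + "/",
    "jwks_uri": BASE + "/.well-known/jwks.json",
    "authorization_endpoint": BASE + "/authorize",
    "token_endpoint": BASE + "/oauth/token",
    "logout_endpoint": BASE + "/v2/logout",
    "token_endpoint_type": "Basic",
    "scope": "openid profile email",
    "client_secret": "constructed-placeholder",
}
print(check_settings({**GOOD, "issuer": BASE}))  # issuer without the trailing /
```
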
## Security Considerations

* **User Enumeration**: By default, Auth0 sends the magic link email even if no user exists for the address entered. Consider enabling "Disable Sign Ups" if you want to restrict access to pre-registered users only.
* **Link Expiration**: Magic links expire after a configurable period (default is 5 minutes). Adjust based on your security requirements.
* **Custom Domain**: Use a custom email domain for production to improve deliverability and trust.

## Troubleshooting

| Issue                     | Solution                                                                                          |
| ------------------------- | ------------------------------------------------------------------------------------------------- |
| User not receiving emails | Check spam folders; verify email provider configuration                                           |
| Link expired error        | User took too long to click; request a new link                                                   |
| Invalid state error       | User clicked the link in a different browser; must use the same browser                           |
| iOS users having issues   | Ensure users understand they must open the email in Safari or use the same browser for both steps |

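The "Link expired" and "Invalid state" rows can be reproduced with a simplified model of the flow. This is an added example, not Auth0 or Limio code: the `Browser` class, the cookie name and the link fields are hypothetical, and it assumes the login `state` value is kept in the browser that requested the link.

```python
import hmac
import secrets

LINK_TTL_SECONDS = 5 * 60  # default link lifetime stated in this guide


class Browser:
    """Stands in for one browser's cookie jar (hypothetical model)."""

    def __init__(self):
        self.cookies = {}


def start_login(browser, email, now):
    """User submits their email; returns the link that would be emailed."""
    state = secrets.token_urlsafe(16)
    browser.cookies["login_state"] = state  # stored in this browser only
    return {"email": email, "state": state, "expires_at": now + LINK_TTL_SECONDS}


def complete_login(browser, link, now):
    """The emailed link is opened in `browser` at time `now` (seconds)."""
    if now > link["expires_at"]:
        return "link_expired"
    expected = browser.cookies.pop("login_state", None)  # single use
    if expected is None or not hmac.compare_digest(expected, link["state"]):
        return "invalid_state"
    return "logged_in"


def run_scenarios():
    """Constructed scenarios matching the rows of the troubleshooting table."""
    chrome, safari = Browser(), Browser()
    link = start_login(chrome, "user@example.com", now=0)
    results = {
        "other_browser": complete_login(safari, link, now=60),
        "same_browser": complete_login(chrome, link, now=60),
        "link_reused": complete_login(chrome, link, now=90),
    }
    late = start_login(chrome, "user@example.com", now=1000)
    results["after_expiry"] = complete_login(chrome, late, now=1000 + LINK_TTL_SECONDS + 1)
    return results


if __name__ == "__main__":
    print(run_scenarios())
```

The state comparison is what stops a link requested in one browser from completing a login in another, so the "Invalid state" error indicates the protection is working rather than a misconfiguration.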
## Further Reading

* [Auth0 Passwordless Documentation](https://auth0.com/docs/authenticate/passwordless)
* [Auth0 Email Magic Link Setup](https://auth0.com/docs/authenticate/passwordless/authentication-methods/email-magic-link)
* [Configuring Email Providers in Auth0](https://auth0.com/docs/customize/email/smtp-email-providers)

