Use Auth0 Passwordless (Magic Link)
This guide explains how to set up passwordless authentication using Auth0's Email Magic Link feature with Limio. This is ideal for customers who want a frictionless login experience without passwords but don't have an existing Identity Provider (IdP) that supports magic links.
Looking for standard Auth0 SSO? If you want traditional username/password authentication with Auth0, see Use Auth0 with Limio for Customers.
How Magic Link Authentication Works
When a user enters their email address on your Limio shop:
Auth0 sends an email containing a unique, time-limited link
The user clicks the link in their email
Auth0 authenticates the user and redirects them back to Limio
The user is logged in without entering a password
Important Browser Requirement: The user must click the magic link in the same browser where they initiated the login request. This is particularly important for iOS users, as Safari is the default browser for opening email links and cannot be changed.
Prerequisites
An Auth0 account with access to the Auth0 Dashboard
Auth0 Classic Login enabled (Universal Login does not support Magic Links)
A custom email domain configured in Auth0 (recommended for production)
Auth0 Configuration
Step 1: Create an Application
In the Auth0 Dashboard, create a new Application (or use an existing one) and configure the following under Settings:
Application Login URI:
Allowed Callback URLs:
Allowed Logout URLs:
Step 2: Enable Passwordless Email
Navigate to Authentication > Passwordless in the Auth0 Dashboard
Toggle Email to enabled
Click on the Email connection to configure it:
Select Link as the authentication method
Customise the email From Address, Subject, and Message as needed
Step 3: Enable for Your Application
In Authentication > Passwordless, click the Email connection
Go to the Applications tab
Enable passwordless for your Limio application
Step 4: Configure Email Provider (Production)
For production use, configure an external SMTP provider instead of Auth0's default:
Go to Branding > Email Provider
Configure one of the supported providers:
SendGrid
Amazon SES
Mailgun
Mandrill
SparkPost
Custom SMTP
Limio Configuration
Go to Settings > Authentication > OpenID Connect and provide the following:
Provider Name
An arbitrary name to identify the authentication mechanism, e.g., auth0-passwordless-{limio-tenant}.
Issuer Name
The Issuer URL from Auth0: https://{auth0-tenant}.auth0.com/ (include https:// and the trailing /)
Client ID
The Client ID from your Auth0 Application settings.
Client Secret
The Client Secret from your Auth0 Application settings.
JWKS URI
https://{auth0-tenant}.auth0.com/.well-known/jwks.json
Authorization Endpoint
https://{auth0-tenant}.auth0.com/authorize
Token Endpoint
https://{auth0-tenant}.auth0.com/oauth/token
Logout Endpoint
https://{auth0-tenant}.auth0.com/v2/logout
Token Endpoint Type
Set to Basic.
Scope
openid profile email
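A pre-flight check for the values above, added here as an example (not Limio or Auth0 code): it flags an issuer without https:// or the trailing /, endpoints that do not sit under the issuer host, missing scopes, and a wrong token endpoint type. The dictionary key names, the tenant name, and the credentials are assumptions made up for the example.

```python
from urllib.parse import urlsplit

# Endpoint paths from the settings listed above, relative to the issuer URL.
EXPECTED_PATHS = {
    "jwks_uri": ".well-known/jwks.json",
    "authorization_endpoint": "authorize",
    "token_endpoint": "oauth/token",
    "logout_endpoint": "v2/logout",
}
REQUIRED_SCOPES = {"openid", "profile", "email"}


def check_oidc_settings(settings):
    """Return a list of problems found in a dict of OIDC settings.

    The key names are hypothetical; they mirror the field labels above.
    """
    problems = []
    parts = urlsplit(settings.get("issuer", ""))
    if parts.scheme != "https":
        problems.append("issuer must start with https://")
    if not parts.netloc:
        problems.append("issuer has no host")
    if parts.path != "/" or parts.query or parts.fragment:
        problems.append("issuer must end with a single trailing / and nothing after it")
    base = f"https://{parts.netloc}/"
    for key, path in EXPECTED_PATHS.items():
        if settings.get(key) != base + path:
            problems.append(f"{key} should be {base + path}")
    missing = REQUIRED_SCOPES - set(settings.get("scope", "").split())
    if missing:
        problems.append("scope is missing: " + " ".join(sorted(missing)))
    if settings.get("token_endpoint_type") != "Basic":
        problems.append("token_endpoint_type should be Basic")
    for key in ("client_id", "client_secret"):
        if not settings.get(key):
            problems.append(f"{key} is empty")
    return problems


def sample_settings(tenant="example-tenant"):
    """Constructed sample values; the tenant name and credentials are placeholders."""
    base = f"https://{tenant}.auth0.com/"
    s = {key: base + path for key, path in EXPECTED_PATHS.items()}
    s.update(issuer=base, scope="openid profile email", token_endpoint_type="Basic",
             client_id="CONSTRUCTED_CLIENT_ID", client_secret="CONSTRUCTED_SECRET")
    return s
```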
Security Considerations
User Enumeration: By default, Auth0 will send emails even if the user doesn't exist. Consider enabling "Disable Sign Ups" if you want to restrict access to pre-registered users only.
Link Expiration: Magic links expire after a configurable period (default is 5 minutes). Adjust based on your security requirements.
Custom Domain: Use a custom email domain for production to improve deliverability and trust.
Troubleshooting
User not receiving emails: Check spam folders; verify email provider configuration
Link expired error: User took too long to click; request a new link
Invalid state error: User clicked the link in a different browser; must use the same browser
iOS users having issues: Ensure users understand they must open the email in Safari or use the same browser for both steps

