Auth0 is passing mailID in the call back url. This is resulting in user privacy breach. Please advise how we can avoid passing the mail ID in the url.
I’m assuming you refer to the present of an email address in the query string of an URL configured to be the redirect URL for example for an email verification flow. At this time, if you don’t configure a redirect URL then the issue would no longer apply; if you do need to configure a redirect URL then you’ll need to take in consideration the email will be available in the query string. There were similar reports where the issue was that Google analytics complained about this situation, if that’s the case then the redirect URL should not be processed by analytics.