Hi, I’m working on a move from Rules to Actions. I have a test tenant where I’m trying it.
Everything except for one thing seems ok.
We use consent redirects. I get redirected like I should, the flow goes on to Continue, still all good, and at the end our front end calls the authorize endpoint, and instead of being redirected to my callback page, I get redirected to a login page. So the authorize call doesn’t work in that moment; then I am able to log in normally and everything is fine. But there is now this one unnecessary login to be done. With Rules, this was not happening.
I see no errors or failures in the logs, and it seems from my “webtask logs” that the actions were not called, so something must have happened automatically in Auth0 before calling the action. I have no idea how to find out what can be wrong.
Comparing calls, cookies and params in the browser it all seems identical.
Is there a way to see why an authorize endpoint redirects to login, when there is nothing failing in normal logs? Btw this is happening in like 80% of cases, sometimes the redirect works fine, making it even stranger.
If anybody is interested, it turns out the problem was hidden, described on this page: (Session Layers)
If you update a user’s “email_verified” flag, he gets logged out, which is exactly what we are doing in our flow with our custom email verification. No idea why it was working without the logout in Rules. Imho, this behavior doesn’t make sense, because then this flag is unusable, but at the same time it is required for reset password? (Use Verified Email in User Profiles)
So we kind of need it to be set and also don’t want to log out the user…
It was eventually resolved by asking Auth0 support to turn on one magic switch in our tenant.
Thank you Auth0 Support team.