We are using the Auth0 hosted password reset page and after a successfult password reset the user is being redirected back to our sign-in page:
See: Dashboard -> Emails -> Templates -> Redirect To
The redirect url generated by Auth0 included PII (personally identifiable information) in the form of the users email:
This information ends up in Google Analytics and is a violation of the TOS:
It also just a bad idea to include a user’s email in a plain URL.
How can we prevent the redirect URL from containing the user’s email?