And that is the intended user experience? That a non-technical end user would need to know to visually parse the URL in a query string for an error message?
My assumption is then that the Password Rotation action is not intended for web applications, especially those that utilize the Universal Hosted UI by Auth0?