Custom Error Description of Passwordless Email Magic Link

Overview

When a user clicks on a passwordless authentication email link that has expired, the user is directed to a page with the URI:

#error=unauthorized&error_description=The verification code has expired. Please try to login again.&state=xyz.

This article clarifies whether it is possible to display a custom error message or custom page after a user has clicked on an expired passwordless email magic link.

Applies To

  • Passwordless Email Magic Link
  • Custom Error Page

Solution

There are different strategies to customize the message, page, and navigation path. They include:

  1. Parsing and processing error parameters.

    When a user clicks on an expired link, they are directed to the Auth0 tenant.
    The tenant identifies the error and redirects back to the application’s callback URL, including the error details in the query string parameters.
    To show a custom error page, set up logic on the callback page that parses these query string parameters, checks for errors, and then processes the error as desired.
    For instance, if an error is found at the callback, then control logic can redirect to a specific error page in an app, such as /error, where it is possible to display the error details according to any preferences.

  2. Tenant Configuration.

    It is possible to configure a custom error page using the Auth0 dashboard. Please see Redirect Users to a Custom Error Page Using the Dashboard.
    Alternatively, there is the option to upload a custom error page using the Management API, which can handle some errors directly.
    More detailed information on these methods is available in this documentation.

Related References