I would like to improve the user experience in the reset password flow by redirecting the user to a custom page in my application when the reset password link has expired. On that page, I want to display an error message and provide a button that allows the user to request a new reset password email.
I tried to handle the expired ticket scenario within the customization of the reset password page, but it appears that this page is rendered only after the ticket has already been validated. Therefore, it does not seem possible to catch the expired ticket state there.
I found some suggestions in the forum recommending the creation of a custom error handling page within the application. However, I was not able to find clear guidance on how to test this flow locally (the related topics I found were closed without answers). Additionally, it seems there is no way to retrieve the user’s email address from the expired ticket in order to resend the reset password email automatically.
Is there any way to intercept the ticket validation process when it has expired and redirect the user with the necessary data to a custom page?
Hi @BesConstantine
Welcome to the Auth0 Community!
As you have mentioned, it would require you to implement a Custom Error Page and then parse the error information that Auth0 passes to it. When a password reset link expires, Auth0 redirects to this error page and includes details about the error in the URL’s query string. Your custom page can read these details to identify the specific error and display the correct UI.
While you cannot retrieve the user’s email directly from the expired ticket, you can create a flow where your custom error page prompts the user to re-enter their email to restart the process.
First, you need to tell Auth0 where to send users when an error occurs. You can find more information about that in our documentation. The url for an expired ticket should look something like this: https://yourapp.com/auth/error?message=The%20link%20has%20expired&error_code=invalid_ticket
You should also be able to detect this error when using a password-reset-post-challenge and use api.redirect.sendUserTo(your_custom_error_page). These parameters should by available in the transaction object of the event body.
If you have any other questions regarding the matter, please let me know!
Kind Regards,
Nik
1 Like