Auth0 Home Blog Docs

Don't send along email as plain text in query paramater


#1

We’re seeing plain-text email-addresses in query parameters of callback-urls, for example when a user has verified its email or changed its password. These email-addresses will end up in our logs, which we can’t do a lot about, and we don’t need them either. Could these be (optionally) removed please? It could potentially be a privacy risk.