Auth0 Home Blog Docs

HELP: Auth0 protocols are violating Google AdSense terms; how do I change pass reset URL?

password-reset
google
adsense

#1

I received the following from Google. It looks like Auth0 is sending PII to Google. How do I correct this issue? It doesn’t look like the URL in the reset password email is configurable.


Dear Publisher,

It appears that personally identifiable information (PII) is being passed to Google from your site(s).

Passing PII to Google is a breach of your contract with Google and may result in disabling of your account(s) if this is not resolved … If you fail to submit any response to this message within 7 days, access to your account(s) will be suspended.

Regards,

The Google Publisher Policy Team

URL group: mydomain.com/
Found 810 time(s) or 1 of the total records
URL sample: https://www.mydomain.com/?email=redacted@example.com&success=true&message=You can now login to the application with the new password.

https://auth0.com/docs/email/templates


#2

@joet thanks for pointing this out - I am investigating this internally and will get back to you within the next day with an update.


#3

@joet could you provide more details where and possibly how these URLs were detected by Google? Reset password link goes directly to your mailbox, is there any way these links were present on your website instead of e-mail message?


#4

The user clicks the link and then the resultant page produces an ad. The referring URL is available to Google Adsense and this URL contains an email address.


#5

The user clicks the link and then the resultant page produces an ad. The referring URL is available to Google Adsense and this URL contains an email address.


#6

Here’s the current status on this situation: the underlying situation is being tracked and planned to be addressed, however, at this time, I can’t provide any definitive information about any timelines.

The currently available workarounds are not to configure a redirection URL or configure a redirect URL that is solely under your control and that does not expose the information to third-parties. This redirect URL could still perform an additional redirection, but now without including the information that causes the issue with the third-party (Google).


#7