Auth0 Home Blog Docs

Hosted Lock Page with expired bookmarks

oidc-conformant
hosted-login-page
oops-page

#1

We are using the hosted lock for authorization. I’ve had a number of instances now where our users are bookmarking the https://mydomain.auth0.com/login?client=myclientid&protocol=oauth2&redirect_uri=..... instead of our application URL.

When they then try to access the application the next day using the bookmark and stale lock URL, they get the generic “Opps something went wrong” landing page, and the logs show the error: “Password login is disabled for clients using externally hosted login pages with oidc_conformant flag set.”.

Is there any config I can do to help make this workflow easier for end users who make this mistake? Somehow change the landing page to suggest they may have used a stale link? Change it to detect this specific error and auto-redirect to the proper application URL?


#2

You can configure your own error page which would mean the generic one would not be shown; you can do so in your tenant general settings, however, have in mind that this is a global change as in it is the page that would be used in case of any error and not just that one in specific. In relation to the error itself, improving the user experience around that scenario is something that I’ve seen requested a few times and also discussed internally so I wanted to let you know that is under the radar, but still with no definitive information about the possible improvements.


#3

Would love to see an improvement in this area as well (e.g. ability for hosted login page to self-reload if/when user bookmarks it). Now that we are in production, I am seeing a non-trivial number of our users who are bookmarking our HLP and then seeing this error. My only option at this point is to (as you mentioned above @jmangelo ) customize our ‘global error page’ to mention this (“hey users, please don’t bookmark the login page…”) Obviously that’s not a great solution.


#4