How to redirect a user to the Universal Login on the reset-password-email screen

I am currently stuck with a UX issue that I assume should be simple to resolve but I’m unsure how to fix it.

Problem: Password resets don’t create an easy UX for the customer to return to the login page, once the password reset link has been emailed.

Context: I have looked in ‘Branding > Universal Login > Advanced Options > Prompt: reset-password > Screen: reset-password-email’. This is where I would like a link to go ‘Back to Login’ but there doesn’t appear to be an option?

I have considered a ‘Flow’, might be a temporary solution to auto-redirect the user, but this seems like a bandaid fix on the actual problem.

This has been raised in https://community.auth0.com/t/universal-login-reset-password-email-screen-not-have-back-button/127371?u=dylan7 but is also yet to be answered.

The only other solutions I could find in forums are in relation to creating custom domains.

1 Like

We too have the requirement to show a Back button to return to the login page.

Hey there @dylan7 ! Hi @dig-kr ! Thanks for reaching out and describing your use case!

Hmm, I am not sure if that would be methodologically justified.:thinking: When resetting a password, a link is sent via email; resetting the password is possible only via this URL.

From the security point of view, this password reset link can be available only once a user has proven their identity (by logging in to their email inbox and clicking the link). This reset password link should be available nowhere but in the user inbox (impostor protection).

If we would like to automatically attach a button with the password reset link within the screen you’ve shared, it means everyone who requested a password reset for a particular email could take over the password reset flow and as a result, take over the user account.

Please let me know your thoughts or let me know if I misunderstood your intention for the button you would like to see on the screen!

Thanks for your reply. Sorry, If I was unclear about my query, What I meant was as per the screenshot in the post, we would like to have a button to go back to login page. On the universal login customization screen, we see a “backButtonText” but there is no back button on the widget that gets shown after successful email is sent, as you can see in the below screenshot.

So just wanted to know if there is a way to show the back button on the success message widget.

Hey there @dig-kr !

Apologies for a wee bit of delay here - I am checking it further now and will update you soon.

(My tentative thought here is that the text customization from the screen shared in this post may happen only once the button is added to the screen - thus the question would be if/how to add buttons to the reset-password-screen)

Yes @marcelina.barycka it sounds like we’re on the same page now.

As per your first reply, nobody is wanting the back button to take over the password reset flow.

Instead this UX issue can be best experienced by simply resetting your password and think about it from a non-technically literate user’s perspective :joy:

  1. Click ‘Forgot Password’
  2. Enter email
  3. Cool, now what. The only button left to click is ‘resend link’ again (which they do). This is where the ‘back to login’ button should be.

Why does this only appear on the password reset page and not the sent link page?


Hi @dylan7 ,

Thanks for providing the context!

Can you please verify if, in your Auth0 tenant -> Applications -> specific application -> Settings -> Login URI, there is a value specified?

For context, please take a look here: Configure Default Login Routes

Please let me know if specifying a default Login URI in your Application settings fixed that, if that’s not the case, we will be looking further into that!

Hi @marcelina.barycka,

That did look pretty promising, but no it has not resolved it. When I looked at those settings, I did not have any URI entered.

I added my app URL to the URI redirect field on all (4) of my apps. I saved changes, waited 5 minutes and hard refreshed my Chrome browser -but still no change :frowning:

Alright, thanks for checking @dylan7 !

My test confirms your findings.

I would have to confirm it internally, but it looks like the ‘Back to Login’ button is rendered only under some specific conditions or is not rendered at all on the reset-password-screen. I will consult our engineering team to learn more and update you soon.

To not leave you empty-handed for the time being, let me please reiterate (I) how the flow looks like after setting the Application Login URI as well as (II) some suggestions on how to make the flow more friendly/clear for end users.

(I)

  1. On the login page, the user clicks “Forgot password”,
  2. The reset-password-request screen appears for the user, where they provide their email. Here they can choose to either process with the reset password flow or back to the regular login page to log in with an old password,
  3. Once they provide and approve the email to receive the reset link, they will see the reset-password-email screen (at this stage there is no button to ‘Go back’ to the regular login page).
  4. Once they click on the link received via email, they are shown with the password-reset screen to provide a new password,
  5. After a successful password input they see the reset-password-success screen with the ‘Back to …’ button rendered to log in with new credentials:

(II)
In step 3. (reset-password-email) update the description so that it doesn’t leave any space for mistakes on how to proceed, for example:

Please let me know if there are any other questions on that in the meantime or share your thoughts on that!