How User Redirection Works after Email Verification

Problem statement

This article explains how users are redirected to an application after they complete email verification. Verification can be triggered in several ways: the verification email, the Management API verification-email job, or a Management API email verification ticket.

This article also explains how to customize the redirect URL for each case.

Solution

These are the available methods to send a verification email or ticket to end users and a description of the behavior for the subsequent redirection:

Case 1

If the Verification Email template is enabled, Okta will send a verification email when a user signs up or is created from the Dashboard or using the Management API. In that case, when the user clicks on the verification link in the email, they are redirected to whatever URL is configured in the Redirect To URL for that email template.

In this scenario, the Redirect To URL can be made dynamic, but only three variables are available in it:

  • application.name (or its synonym client.name)
  • application.clientID
  • application.callback_domain (or its synonym client.callback_domain)

Please expand the Redirect To URL field to read this related documentation.

Case 2

If the POST /api/v2/tickets/email-verification Management API endpoint is used, a body like the following can be used:

{
  "user_id": "string",
  "result_url": "string",
  "ttl_sec": 0,
  "includeEmailInRedirect": true
}

ttl_sec is the number of seconds for which the ticket is valid before expiration. If unspecified or set to 0, this value defaults to 432000 seconds (5 days).

In that case, the API returns an email verification ticket, and it is the admin’s responsibility to provide this URL to the end user. Okta will not send an email. Once the user clicks on the verification ticket (link), they will be redirected to the specified “result_url”. Please see this related document for more details.

Case 3

Use the same endpoint from above (POST /api/v2/tickets/email-verification), but in the body of the request, specify the client_id of one of the applications instead of a result_url:

{
  "user_id": "string",
  "client_id": "string",
  "ttl_sec": 0,
  "includeEmailInRedirect": true
}

ttl_sec is the number of seconds for which the ticket is valid before expiration. If unspecified or set to 0, this value defaults to 432000 seconds (5 days).

In this case, the email verification ticket mentioned above will also be received. Auth0 will not send an email to the end user. Once they click on the verification ticket (link), they will see a confirmation screen letting them know their email has been verified and a Back to app button. Once they click that button, they will be redirected to the Default Login URI from the specified application. For more details, please see this related document for the Default Login Routes.
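Because the result_url in Case 2 decides where the user lands after clicking the ticket, a backend that creates tickets should not pass through a URL it has not checked. The following is an added example, not code from the original article or from Auth0: it builds the request body for Case 2 or Case 3 and rejects a result_url that is not https on an allowlisted host. The function names, the allowlist and the sample values are assumptions, as is the rule that exactly one of result_url and client_id is supplied (taken from the article's "instead of").

```python
import json
from urllib.parse import urlsplit

# Assumption: hosts this tenant's applications actually serve (constructed values).
ALLOWED_REDIRECT_HOSTS = {"app.example.com", "portal.example.com"}
DEFAULT_TTL_SEC = 432000  # default stated above when ttl_sec is 0 or unspecified


def check_result_url(url):
    """Return url unchanged if it is an https URL on an allowlisted host."""
    parts = urlsplit(url)
    if parts.scheme != "https":
        raise ValueError("result_url must use https")
    if parts.username or parts.password:
        raise ValueError("result_url must not carry userinfo")
    if parts.hostname not in ALLOWED_REDIRECT_HOSTS:
        raise ValueError(f"result_url host not allowlisted: {parts.hostname!r}")
    return url


def build_ticket_body(user_id, result_url=None, client_id=None,
                      ttl_sec=0, include_email=False):
    """Build the JSON body for POST /api/v2/tickets/email-verification."""
    # Case 2 uses result_url, Case 3 uses client_id; require exactly one.
    if (result_url is None) == (client_id is None):
        raise ValueError("pass exactly one of result_url or client_id")
    if not isinstance(ttl_sec, int) or ttl_sec < 0:
        raise ValueError("ttl_sec must be a non-negative integer")
    body = {"user_id": user_id, "ttl_sec": ttl_sec,
            "includeEmailInRedirect": include_email}
    if result_url is not None:
        body["result_url"] = check_result_url(result_url)
    else:
        body["client_id"] = client_id
    return body


def effective_ttl(body):
    """Seconds the ticket stays valid, applying the default for 0."""
    return body["ttl_sec"] or DEFAULT_TTL_SEC


if __name__ == "__main__":
    body = build_ticket_body("auth0|constructed-user-id",
                             result_url="https://app.example.com/verified",
                             include_email=True)
    print(json.dumps(body, indent=2))
```

The exact host comparison is deliberate: a prefix or substring match would accept look-alike hosts such as app.example.com.evil.test.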

Case 4

If the POST /api/v2/jobs/verification-email Management API endpoint is used, Auth0 will send a Verification Email to the user, the same as when they just signed up. For this endpoint to work, the Verification Email template must be enabled in the tenant.

Same as in Case 1, when the user clicks on the verification link in the email, they are redirected to whatever URL is configured in the Redirect To URL for that email template. Please see this related document for more details.
