Hey, first time on the Forum. I’ll do my best.

What we want to achieve is that:

- we create an account for a user using the Management API
  - `verify_email = false`
  - `email_verified = false`
- we issue a password change ticket
  - `user_id = {USER_ID}`
  - `client_id = {CLIENT_ID}` (in order to enable redirect)
  - `mark_email_as_verified = true`
- we send the user the ticket URL via our own mail service
- the user
  - opens the password change ticket URL,
  - sets a new password
  - and will be redirected to the application’s login URL (or to some URL)

According to the Management API docs, the redirect should work if we set the `client_id`:
BUT it does not work … or rather, until yesterday evening it DID NOT work … now it somehow works.
Our setup:
- Node.js
- Management API calls via npm package `auth0`
- New Universal Login experience is activated
I tested three scenarios:
1st test:

```js
const passwordChangeTicketResponse = await auth0.createPasswordChangeTicket({
  mark_email_as_verified: true,
  user_id: createdUser.user_id,
  client_id: auth0ClientId
})
```
Today:
Ticket URL: https://SUBDOMAIN.auth0.com/lo/reset?ticket=A76e2...
Setting password works: YES
User is redirected after setting password: NO
Until yesterday:
Ticket URL was something like this: https://SUBDOMAIN.auth0.com/u/reset-password?ticket=asd87...
And the UI was different compared to today??
2nd test:

```js
const passwordChangeTicketResponse = await auth0.createPasswordChangeTicket({
  mark_email_as_verified: true,
  user_id: createdUser.user_id,
  result_url: "https://google.de" // or rather, our own URLs
})
```
Today:
Ticket URL: https://SUBDOMAIN.auth0.com/lo/reset?ticket=asd987...
Setting password works: YES
User is redirected after setting password: YES
Until yesterday:
Ticket URL was something like this: https://SUBDOMAIN.auth0.com/u/reset-password?ticket=765asd7...
And the UI was different too!
What puzzles me here:
According to the API docs the user should be redirected to the Classic Universal Login … but it looks exactly the same as in the 1st approach:

3rd test (the only one which worked until yesterday!):

```js
const passwordChangeTicketResponse = await auth0.createPasswordChangeTicket({
  mark_email_as_verified: true,
  user_id: createdUser.user_id,
  includeEmailInRedirect: true,
  result_url: "https://google.de"
})
```

Here `includeEmailInRedirect: true` was somehow the trigger to now generate URLs with a pathname like `/lo/reset?...` instead of `/u/reset-password?...`
Here everything worked yesterday (but I mean, the flag `includeEmailInRedirect` should not be the one enabling redirects…).
So, the following questions:

- Have there been any changes to the Management API which caused the different behaviour between yesterday and today?
- How was it possible to generate (I assume) Classic Universal Login password change tickets by passing `client_id`?
- What’s the correct way to redirect a user after resetting the password?

I hope I could clearly demonstrate my problems. Hopefully someone can help me out to better understand what’s going on.
Peter
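
Added example, not part of the original post and not Auth0's code: since the ticket URL is mailed out by the poster's own service, this sketch checks the redirect target before the ticket is created and checks the returned URL (origin, ticket parameter, and which of the two path shapes from the post it has) before it is sent. `TENANT_HOST`, `ALLOWED_RESULT_HOSTS`, the helper names, the stub client and the `ticket` response field are assumptions; it also assumes one redirect target per ticket, as in each of the three tests.

```javascript
// Hypothetical helper names; only createPasswordChangeTicket and its parameters come from the post.
const TENANT_HOST = "SUBDOMAIN.auth0.com";                  // placeholder used in the post
const ALLOWED_RESULT_HOSTS = new Set(["app.example.com"]);  // constructed allowlist

// Check the returned ticket URL before mailing it, and report which of the
// two path shapes seen in the post it has.
function ticketFlavour(ticketUrl) {
  const u = new URL(ticketUrl);
  if (u.protocol !== "https:" || u.hostname !== TENANT_HOST.toLowerCase())
    throw new Error(`unexpected ticket origin: ${u.origin}`);
  if (!u.searchParams.get("ticket")) throw new Error("ticket parameter missing");
  if (u.pathname === "/lo/reset") return "lo-reset";
  if (u.pathname === "/u/reset-password") return "u-reset-password";
  return "unknown";
}

// Assumption: one redirect target per ticket, as in each of the three tests.
function redirectOptions({ clientId, resultUrl }) {
  if (Boolean(clientId) === Boolean(resultUrl))
    throw new Error("set exactly one of client_id or result_url");
  if (clientId) return { client_id: clientId };
  const r = new URL(resultUrl);
  if (r.protocol !== "https:" || !ALLOWED_RESULT_HOSTS.has(r.hostname))
    throw new Error(`result_url not allowed: ${resultUrl}`);
  return { result_url: r.href };
}

async function issueResetLink(client, userId, redirect) {
  const res = await client.createPasswordChangeTicket({
    user_id: userId,
    mark_email_as_verified: true,
    ...redirectOptions(redirect),
  });
  // Assumption: the response carries the URL in a `ticket` field.
  return { url: res.ticket, flavour: ticketFlavour(res.ticket) };
}

// Offline stand-in for the Management API client; the path is chosen by the caller.
const makeStubClient = (path) => ({
  async createPasswordChangeTicket() {
    return { ticket: `https://${TENANT_HOST}${path}?ticket=CONSTRUCTED` };
  },
});
```

Logging the returned `flavour` per ticket makes a change like the `/u/reset-password` to `/lo/reset` switch described above visible as soon as it happens.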