We just went live with a new tenant and we are seeing behavior where the password reset form sends the wrong callback url.
Steps to reproduce
Press reset password link, Auth0 Lock pops up in reset mode
Enter address, press send email, banner turns green and waits for login
In another browser, complete the process.
Come back to original window and type in your new password, press login
Invalid callback url. Our callback url is Higg but it's always sending https://portal.higg.org and users get the invalid callback screen.
As a temporary workaround we have added the base path to our callback urls. At least then users are not getting an error screen, just some frustration when they have to click login again.
Hey @johnarmstrong, sorry for my delay in response. Totally understand what you mean with the video, however the HAR file doesn’t provide us with much info. Have you performed all the actions presented in the video before pulling out the HAR file?
I’ll try to reproduce the issue and get back to you with information!
Yup, that fixed it. So in this case ‘reset password’ uses the ‘email redirectTo’ parameter when logging in after requesting a reset. This was confusing for me since it's clear that the parameters in the email screen refer to the email and not a web-based flow. But since all password resets are email based I get how they are related now.
Fixed and great, thank you Konrad for chasing this one down for me!