We just went live with a new tenant and we are seeing behavior where the password reset form sends the wrong callback url.
Steps to reproduce
- Press reset password link, auth0 lock pops up in reset mode
- Enter address, press send email, banner turns green and waits for login
- in another browser complete the process.
- Come back to original window and type in your new password, press login
- Invalid callback url. Our callback url is https://portal.higg.org/login but its always sending https://portal.higg.org and users get the invalid callback screen.
As a temporary workaround we have added the base path to our callback urls. At least then users are not getting an error screen ,just some frustration when they have to click login again.
Are we configuring this wrong?