Auth0 Home Blog Docs

Password reset and then login sends invalid callback url

lock

#1

We just went live with a new tenant and we are seeing behavior where the password reset form sends the wrong callback url.

Steps to reproduce

  1. Press reset password link, auth0 lock pops up in reset mode
  2. Enter address, press send email, banner turns green and waits for login
  3. in another browser complete the process.
  4. Come back to original window and type in your new password, press login
  5. Invalid callback url. Our callback url is https://portal.higg.org/login but its always sending https://portal.higg.org and users get the invalid callback screen.

As a temporary workaround we have added the base path to our callback urls. At least then users are not getting an error screen ,just some frustration when they have to click login again.

Are we configuring this wrong?
Tx!


#3

Hey there @johnarmstrong

Could you go through the flow again and DM me with the HAR file + your tentant name so I can investigate it further?

Here’s some documentation when troubleshooting with a HAR file:

Thanks a lot!


#4

Hi Konrad, Tenant name is production-higg. Links to files:

HAR: https://drive.google.com/file/d/1VKrADZMKQV1qGuEiZycSMTmr-kr1fZw3/view?usp=sharing
Demo video: https://drive.google.com/file/d/15Pbp_eUWeFEVMCDHVxAdNzUCX6c14NDc/view?usp=sharing

Tx!
J