Password reset form – no "back to app" button

After a successful password change we want the user to get an option to return to our own implementation of a login page in our app.

This button should be actually there if the “Redirect To” field in the Email Templates section is properly filled.

This is the case if the user triggers the password-reset flow in our app through auth0-js WebAuth directly from the client.

But in our workflow we might trigger a password-reset from our backoffice system which will call the Auth0 API from nodejs. In this case no button is shown after the password was changed successfully.

Is this intended? Or is there a way to also show the button when triggering the reset from the backend?

@dan.woda

Hi @vui,

If I understand you correctly, the button is only showing up if the user initiates the pw reset flow. If you initiate it via the management API then there is no button. If that is correct, this sounds like a bug. Can you give me the exact steps to reproduce so I can try it and report it? Specifically, are you using the classic universal login or new Universal login. Can you also DM me your tenant name?

Yes, that’s exactly how it is.

We use the new Login. I tried also the classic once. As far as I remember with that version the user got redirected instead of showing a button. But the issue was the same. It got only redirected if the pw reset flow was initiated from the client and not from the server.

Client only (end user app):

import { WebAuth } from 'auth0-js' // auth0-js@9.13.2

const webAuth = new WebAuth({
  domain,
  audience,
  clientID,
  redirectUri,
  responseType: 'code'
})

webAuth.changePassword({
  email: 'some@email.com',
  connection: 'my-user-connection'
})

Server (will be triggered by our internal backoffice system):

const { AuthenticationClient } = require('auth0') // auth0@2.24.0

const auth = new AuthenticationClient({ domain, clientId, clientSecret })

await auth.requestChangePasswordEmail({
  email: 'some@email.com',
  connection: 'my-user-connection'
})

We don’t use the Management API here since we don’t want to manually send an email with a pw reset ticket. Instead Auth0 should handle the complete flow, so we trigger it via the Authentication Client API.

I’ll DM you the config options as well as our tenant name.

1 Like

@vui,

I think I found the issue.

When you make a request to the change password email endpoint, you typically send 3 params:

  • client_id
  • email (required)
  • connection (required)

The client_id param is used to determine where to redirect the user (button) after a successful reset. It uses the Application Login URI from the application settings page. The client id is being set implicitly in code you posted.

If there is no login URI provided, it will use the global Tenant Login URI. This is found in tenant settingsadvanced.

The reason you aren’t seeing a button when you request the pw change email from your node app is because the node app is setting the client ID as the node app client ID, which you haven’t set an application login URI for, and you have no global tenant login URI set.

Here are you options:

  • Set a global tenant login URI
  • If your node app only services that client-side application, set the application login URI to the default login of your front end.

IMO, the node sdk should allow you to pass client id, but I’ll have to check with the team that manages that repo to see if there is a reason why this isn’t currently available.

1 Like

Okay, I looked into this and you can actually pass the client_id directly to auth.requestChangePasswordEmail and it will treat the request as if it came from your client.

1 Like

Great, thanks a lot. That works.

In that case it should be documented though (and added to the types): https://auth0.github.io/node-auth0/module-auth.AuthenticationClient.html#requestChangePasswordEmail

Okay, I opened a PR: Added docs for parameter client_id on requestChangePasswordEmail by vuhrmeister · Pull Request #488 · auth0/node-auth0 · GitHub

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.