Passwordless custom redirect with custom properties

Hi!

I’m very badly surprised to not being able to pass a custom property in my passwordless redirect uri. I clearly don’t understand this choice.

Can you explain me which security concern is behind this decision?

Hey there @antoine-pous!

Let me reach out to the team responsible for that feature to hear what they have to share regarding your question!

Hey there!

Sorry for the delay in response. So I managed to get some info from our team.

redirect_uri is constrained to the values set on the Application configuration for security reasons, explained on https://tools.ietf.org/html/rfc6749#section-10.6 .

There’s a bit more info on our docs here: https://auth0.com/docs/users/guides/redirect-users-after-login , also including suggestion on how to redirect the user to another URL after authentication completes.