Passwordless custom redirect with custom properties

Hi!

I’m very badly surprised to not being able to pass a custom property in my passwordless redirect uri. I clearly don’t understand this choice.

Can you explain me which security concern is behind this decision?

Hey there @antoine-pous!

Let me reach out to the team responsible for that feature to hear what they have to share regarding your question!

Hey there!

Sorry for the delay in response. So I managed to get some info from our team.

redirect_uri is constrained to the values set on the Application configuration for security reasons, explained on RFC 6749: The OAuth 2.0 Authorization Framework .

There’s a bit more info on our docs here: Redirect Users , also including suggestion on how to redirect the user to another URL after authentication completes.