Hi!
I’m very badly surprised to not being able to pass a custom property in my passwordless redirect uri. I clearly don’t understand this choice.
Can you explain me which security concern is behind this decision?
Hey there @antoine-pous!
Let me reach out to the team responsible for that feature to hear what they have to share regarding your question!
Hey there!
Sorry for the delay in response. So I managed to get some info from our team.
redirect_uri is constrained to the values set on the Application configuration for security reasons, explained on RFC 6749: The OAuth 2.0 Authorization Framework .
There’s a bit more info on our docs here: Redirect Users , also including suggestion on how to redirect the user to another URL after authentication completes.