Hello!
I have created a rule to redirect all user/password users who have never changed their password to the reset password UI. It mostly works, but when the redirection happens, the reset password UI redirects back to the login page and the user ends up in a login loop, always being asked to log in. The problem is that when using context.redirect.url, a state parameter is added to the query string, and that seems to trigger the unwanted redirect.
Is there a way to disable that state from being added to the URL? Is it expected that the reset password UI redirects when that query param is present?
Here is the code I’m using for that purpose.
/**
 * Auth0 rule: users on the database ("auth0") connection strategy who have no
 * recorded password reset are redirected to a password-change ticket URL.
 *
 * @param {object} user - Profile of the user who is logging in.
 * @param {object} context - Login transaction context; `context.redirect` is set here.
 * @param {function} callback - Rule continuation, called as `(err, user, context)`.
 */
function (user, context, callback) {
  const { ManagementClient } = require('auth0@2.27.0');
  const url = require('url@0.10.3');

  // Management API client, scoped to ticket creation only. The secret is read
  // from the rule configuration rather than being written into the rule body.
  // NOTE(review): clientId is the application being logged into
  // (context.clientID) while the secret is a single configured value; confirm
  // they belong to the same client when more than one application exists.
  const managementClient = new ManagementClient({
    clientId: context.clientID,
    clientSecret: configuration.auth0_clientSecret,
    domain: auth0.domain,
    scope: 'create:user_tickets',
  });

  // Nothing to do when the password was already reset, when the connection is
  // not a password (database) connection, or when the user is coming back
  // from the redirect.
  // NOTE(review): on 'redirect-callback' the rule returns without looking at
  // user.last_password_reset again, so reaching the resume step is treated as
  // proof that the password was changed. Verify the change before letting the
  // login continue if the reset must be mandatory.
  const { connectionStrategy, protocol } = context;
  const alreadyReset = user.last_password_reset;
  const isPasswordConnection = connectionStrategy === 'auth0';
  const isResuming = protocol === 'redirect-callback';
  if (alreadyReset || !isPasswordConnection || isResuming) {
    return callback(null, user, context);
  }

  // Where the ticket sends the user once the password has been changed.
  // NOTE(review): the whole query string of the original request is copied
  // into this URL. The resume endpoint expects the `state` value appended to
  // the redirect URL, which is presumably not the one present here; confirm
  // which state reaches /continue and forward only the parameters it needs.
  const resultUrl = url.format({
    hostname: context.request.hostname,
    pathname: '/continue',
    protocol: 'https',
    query: context.request.query,
  });

  // Short-lived ticket (10 minutes) bound to this user.
  const ticketRequest = {
    result_url: resultUrl,
    ttl_sec: 10 * 60,
    user_id: user.user_id,
  };

  managementClient.createPasswordChangeTicket(ticketRequest, (ticketError, response) => {
    if (ticketError) {
      return callback(ticketError, user, context);
    }

    // Hand the ticket URL to the login pipeline as the redirect target.
    context.redirect = { url: response.ticket };
    return callback(null, user, context);
  });
}
Thanks!