Overview
This article explains why a password reset ticket link fails to work when a user is redirected from an Action (api.redirect.sendUserTo) or a Rule (context.redirect) using the New Universal Login experience.
Applies To
- New Universal Login
- Password Reset Ticket Link
Cause
The New Universal Login (UL) experience and the Classic UL experience handle redirects differently. Redirects initiated by Rules or Actions append a state parameter to the target URL. The New UL experience uses an internal state parameter for its own processes. When the state parameter from the redirect rule is passed to the New UL password reset flow, a conflict occurs, causing the link to fail. The Classic UL experience does not use the state parameter in the same way and ignores the one appended by the redirect, which avoids this issue.
Solution
The following solutions are available to resolve this issue:
- Append the password reset ticket to the /v2/logout endpoint as a returnTo parameter instead of redirecting to the ticket directly. This method is compatible with both Classic and New UL.
- Revert the tenant to the Classic Universal Login experience.
- Enable the Password Reset Page customization. This action enables the Classic experience for the password reset flow only.