Redirect Rule for the Password Reset page

So I want to create a rule, which redirects users which log in for the first time to the auth0 reset password page. For that I created this rule:

async function checkGeneratedPassword(user, context, callback) {
  if (user.app_metadata.generatedPassword) {
    const ManagementClient = require("auth0@2.9.1").ManagementClient;
    const management = new ManagementClient({
      clientId: configuration.client_id,
      clientSecret: configuration.client_secret,
      domain: auth0.domain
    });

    const res = await management.createPasswordChangeTicket({
      user_id: user.user_id
    });

    context.redirect = {
      url: res.ticket
    };
  }

  return callback(null, user, context);
}

However the password reset page errors with the following error: Cannot resume flow 'redirect' I couldn’t find any info about this error.

When I remove the state query from the reset password url it works fine and I can reset my password.

Hi @BjoernRave,

Just a guess, but that error sounds like it would be coming from the Rules engine (since the rules engine expects to “resume the flow” after a rule executes), rather than the password reset. Can you post the associated URLs and screenshots?

Setting the rule as the last one so it doesn’t interfer with any other, doesn’t help either

I have no other rule which continues after this one though, because when the user changed his password he can log in, does that cause an issue?

sure, the url, which gets generated is like this one: Password reset error | Inventhora

Screenshot 2020-02-18 at 19.04.522880×1346 195 KB

@markd do you have anything I could try to make it work?

Hi @BjoernRave,

Apologies for the late reply … I’ve been away working on other things. Unfortunately the error message doesn’t tell us much. I would suggest opening a support ticket with Auth0 if possible. If that is not an option, possible @konrad.sopala or @James.Morrison may be able to assist.

Hey @markd,
thanks for the reply. I can open a support ticket if you want, however all the info is there to reproduce thr problem right?

I think so. I’m particularly interested in the “resume the flow” error. Again, sounds like something that would come from the rules processing engine, but the support engineers can confirm that and provide further guidance.

Hey @markd, I contacted the support, but unfortunately my tial period already expired and I am currently on the free plan, so it seems like I won’t get any response from them

Not sure in which direction I need to go with the info, that it’s coming from rules processing engine. Do you have any idea or hint for me, what I might need to change?

I’m facing the same issue. The state param in the url seems to cause the problem, see:

This workaround doesn’t work for me, since I’m trying to redirect directly to the Auth0’s password reset page during the login process.

A workaround for this use case would be very helpful.

@mobilmacher @BjoernRave

I don’t think there is currently a way to redirect directly to the hosted pw reset page in a redirect rule. The workaround is to call the management API and update the user’s pw manually. This would require hosting your own UI for the pw reset…I can see why this isn’t ideal.

Can you both please submit a feature request to our feedback page? This way our product managers see the request directly. Thanks!

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.