Auth0 Home Blog Docs

Redirect To for classic login doesn't work

Hello there,

I tried setting the Redirect To url for password reset and verification email for our classic login, but it doesn’t work, regardless if I use a full url or {{ application.callback_domain } variable. Both the verification and the password reset do succeed, but they stay on the same page.

Here’s a link to the docs I used: https://auth0.com/docs/email/templates#configuring-the-redirect-to-url

And here: https://auth0.com/docs/universal-login/default-login-url#completing-the-email-verification-flow

This behavior only happens when the New Universal Login Experience is enabled. In Classic mode, you will need to configure the Redirect URL in the Verification Email Template

Any help would be appreciated!

All the best,
Joralf

Hi @joralf,

Welcome to the Auth0 Community Forum!

Can you help us with some more information? Are you receiving errors in the console or in the auth0 logs? Can you confirm that a complete url is being sent with the email? Does the link include this information?

Thanks,
Dan

Hi Dan,

Thanks for your response, here’s a screenshot of our settings:

Here’s the mail I receive, notice the subject is also not set according to the settings above:

Here’s the URL in the email, it doesn’t contain any query params. Should it?

{domain}/lo/reset?ticket=SN4jKhybplayAbh98OWvXdZ9Go8y20Ai#

I receive no errors in console after password reset, it just doesn’t redirect.

All the best,
Joralf

@joralf,

It looks like you are using the Auth0 email provider. Notice the yellow warning in the screenshot of your template settings.

Can you try setting up a custom provider and see if the changes take effect? Sendgrid will allow you to set up a trial for free if you are just looking to test the function.

Let me know.

Thanks,
Dan

Hi Dan,

Thanks for your feedback. I read the yellow warning message, but I expected it to only apply to the actual template (the message) and not the from/subject/redirect to. I’ll look into custom email provider solution.

Thanks so much!

All the best,

Joralf

Yep, all of the options are considered an email template. Good luck!

Hi Dan,

Thanks for the response. We setup a custom email provider (Sendgrid) and the callback URL is still broken. Here’s a screenshot from our settings, looks like the variable is not replaced by the actual value:

In the email I received the {{ application.callback_domain }} in the subject is not replaced and after verifiying the account the user is not redirected. It does work when we manually set a url in redirect_to, but that’s not a preferred solution.

Do you have any idea what’s going wrong?

All the best,

Joralf

@joralf

A few question to narrow the issue:

  • Are you using the new universal login or classic UL?
  • How are you testing the email (how are you sending it)?
  • Can you confirm that there is a valid URL in the Allowed Callback URL in the application settings of the application that is sending the email?
  • Do you get an invalid result URL error?

Hi Dan,

The answers to your questions:

Hope this helps!

Are you sending using the try button?

Can you take a look at the successful request in the Auth0 logs and see if it includes the result url? Also, could you please DM me your tenant name so I can take a look?

Thanks,
Dan

Hi Dan,

I’m not using the try button, we’re just signing up on Auth0 and receiving a verification mail or a password reset mail through Sendgrid.

Thing though is that in the email syntax we use {{ url }} to fill in the anchor of the button. Is that correct? Cause this is the default settings of Auth0, we didn’t change anything except for picking the Sendgrid provider.

Can you confirm that {{ application.callback_domain }} will be parsed into {{ url }}?

<p><a href="{{ url }}">Confirm my account</a></p>

I also had a look at the logs and I do get the invalid result url for the verification mail:

Browser response:

{

* name: "BadRequestError",

* code: "invalid_result_url",

* description: "invalid result url: ?supportSignUp=true&supportForgotPassword=true&email=mymail%40gmail.com&message=Your%20email%20was%20verified.%20You%20can%20continue%20using%20the%20application.&success=true&code=success",

* statusCode: 400

}

Server log:

{
  "date": "2019-11-21T08:40:06.581Z",
  "type": "fv",
  "description": "invalid result url: ?supportSignUp=true&supportForgotPassword=true&email=mymail%40gmail.com&message=Your%20email%20was%20verified.%20You%20can%20continue%20using%20the%20application.&success=true&code=success",
  "connection": "Username-Password-Authentication",
  "connection_id": "con_GonW3fPLiGPRpPX0",
  "client_id": "o8VU0ELFA2Kn51yV0kULmGwAWnVZqrW9",
  "client_name": "All Applications",
  "ip": "157.97.115.90",
  "user_agent": "Chrome 78.0.3904 / Mac OS X 10.14.6",
  "details": {
    "query": {
      "email": "mymail@gmail.com",
      "user_id": "auth0|5dd64baabf27480f12ff131f",
      "tenant": "tenant_name",
      "client_id": "id",
      "connection": "Username-Password-Authentication",
      "resultUrl": "{{ application.callback_domain }}",
      "includeEmailInRedirect": true
    }
  },
  "user_id": "auth0|5dd64baabf27480f12ff131f",
  "user_name": "mymail@gmail.com",
  "strategy": "auth0",
  "strategy_type": "database",
  "log_id": "90020191121084007830000781605157391171459514113841954834",
  "_id": "90020191121084007830000781605157391171459514113841954834",
  "isMobile": false
}

For resetting the password the logs show success, but the page doesn’t redirect after you’ve set a new password.

{
  "date": "2019-11-21T08:43:45.656Z",
  "type": "scp",
  "description": "You can now login to the application with the new password.",
  "connection": "Username-Password-Authentication",
  "connection_id": "con_GonW3fPLiGPRpPX0",
  "client_id": "ALLTaVkgg3EIpuSg8ol5MlPM9aKbS1wl",
  "client_name": "Client Name",
  "ip": "",
  "user_agent": "Chrome 78.0.3904 / Mac OS X 10.14.6",
  "details": {
    "title": "Change Password",
    "email": "mymail@gmail.com",
    "body": {
      "newPassword": "*****",
      "confirmNewPassword": "*****",
      "_csrf": "eryNe9z5-n4q06SARF7Li5Q1EhMZEEJOF2Nc",
      "ticket": "7j7bHByKE2YbBwBUD6WuuQMd3S8miqrZ"
    },
    "query": {
      "user_id": "5dd64baabf27480f12ff131f",
      "email": "mymail@gmail.com",
      "username": null,
      "newPassword": null,
      "tenant": "boretti",
      "client_id": "ALLTaVkgg3EIpuSg8ol5MlPM9aKbS1wl",
      "connection": "Username-Password-Authentication",
      "resultUrl": null,
      "markEmailAsVerified": true,
      "includeEmailInRedirect": true
    }
  },
  "user_id": "auth0|5dd64baabf27480f12ff131f",
  "user_name": "mymail@gmail.com",
  "strategy": "auth0",
  "strategy_type": "database",
  "log_id": "90020191121084347300007312770736688595898600440526274594",
  "_id": "90020191121084347300007312770736688595898600440526274594",
  "isMobile": false
}

I’ve send you our tenant via DM.

All the best,

Joralf

Just to be sure, this is the correct syntax right?

Allowed callbacks:

Redirect to:

1 Like

@joralf

Okay it looks like you are getting an error because the user is already verified. I just setup and tested everything and it is working for me.

It looks like the result url field is null in this log.

As you can see here, the {{url}} setting is correct. This value is the verification url not the redirect url.

Another debugging strategy you can try is adding a hard coded URL (like https://www.google.com for instance) to the Redirect To value to confirm that it is not a problem with your callback url.

1 Like

Hi Dan,

Setting the {{ application.callback_domain }} in the redirect_url field seems to cause strange behavior. Let me walk you through it:

Allowed Callback URL:

Email validation with {{ application.callback_domain }} set as redirect_url:

  • I’ve created a new account for mymail@gmail.com
  • When I check the raw JSON i see the following:
{
    "created_at": "2019-11-22T08:39:34.021Z",
    "email": "mymail@gmail.com",
    "email_verified": false,
    "identities": [
        {
            "connection": "Username-Password-Authentication",
            "user_id": "5dd79ec555ecdf0e924b49b4",
            "provider": "auth0",
            "isSocial": false
        }
    ],
    "name": "mymail@gmail.com",
    "nickname": "joralf",
    "picture": "https://s.gravatar.com/avatar/f6d3810bc9eb7ea732d5f93f32b99aa7?s=480&r=pg&d=https%3A%2F%2Fcdn.auth0.com%2Favatars%2Fjo.png",
    "updated_at": "2019-11-22T08:39:34.021Z",
    "user_id": "auth0|5dd79ec555ecdf0e924b49b4",
    "blocked_for": [],
    "guardian_authenticators": []
}
  • I receive the following email with a Sendgrid link (I guess they redirect, but make their own link so we can measure clicks)
  • To be completely sure I check whether I’m logged out on https://frontend.boretti.weneverletyoudown.nl a.k.a. the callback_url
  • I press the link and I get this message:
{
name: "BadRequestError",
code: "invalid_result_url",
description: "invalid result url: ?supportSignUp=true&supportForgotPassword=true&email=mymail%40gmail.com&message=Your%20email%20was%20verified.%20You%20can%20continue%20using%20the%20application.&success=true&code=success",
statusCode: 400
}
  • I check the raw JSON of my user and it is now verified:
{
    "created_at": "2019-11-22T08:39:34.021Z",
    "email": "mymail@gmail.com",
    "email_verified": true,
    "identities": [
        {
            "connection": "Username-Password-Authentication",
            "user_id": "5dd79ec555ecdf0e924b49b4",
            "provider": "auth0",
            "isSocial": false
        }
    ],
    "name": "mymail@gmail.com",
    "nickname": "joralf",
    "picture": "https://s.gravatar.com/avatar/f6d3810bc9eb7ea732d5f93f32b99aa7?s=480&r=pg&d=https%3A%2F%2Fcdn.auth0.com%2Favatars%2Fjo.png",
    "updated_at": "2019-11-22T08:57:29.210Z",
    "user_id": "auth0|5dd79ec555ecdf0e924b49b4",
    "blocked_for": [],
    "guardian_authenticators": []
}
{
  "date": "2019-11-22T10:02:35.598Z",
  "type": "fv",
  "description": "invalid result url: ?supportSignUp=true&supportForgotPassword=true&email=joralfquist%40gmail.com&message=Your%20email%20was%20verified.%20You%20can%20continue%20using%20the%20application.&success=true&code=success",
  "connection": "Username-Password-Authentication",
  "connection_id": "con_GonW3fPLiGPRpPX0",
  "client_id": "o8VU0ELFA2Kn51yV0kULmGwAWnVZqrW9",
  "client_name": "All Applications",
  "ip": "89.20.164.66",
  "user_agent": "Chrome 78.0.3904 / Mac OS X 10.14.6",
  "details": {
    "query": {
      "email": "joralfquist@gmail.com",
      "user_id": "auth0|5dd7b227abadad0f0a6cb7f1",
      "tenant": "boretti",
      "client_id": "o8VU0ELFA2Kn51yV0kULmGwAWnVZqrW9",
      "connection": "Username-Password-Authentication",
      "resultUrl": "{{ application.callback_domain }}",
      "includeEmailInRedirect": true
    }
  },
  "user_id": "auth0|5dd7b227abadad0f0a6cb7f1",
  "user_name": "joralfquist@gmail.com",
  "strategy": "auth0",
  "strategy_type": "database",
  "log_id": "90020191122100236830000026864094703359121559313887264786",
  "_id": "90020191122100236830000026864094703359121559313887264786",
  "isMobile": false
}

Email validation with https://frontend.boretti.weneverletyoudown.nl set as redirect_url:

  • I’ve created a new account for mymail@gmail.com
  • When I check the raw JSON i see the following:
{
    "created_at": "2019-11-22T09:47:27.064Z",
    "email": "mymail@gmail.com",
    "email_verified": false,
    "identities": [
        {
            "connection": "Username-Password-Authentication",
            "user_id": "5dd7aeaf63c8dd0edd04cc71",
            "provider": "auth0",
            "isSocial": false
        }
    ],
    "name": "mymail@gmail.com",
    "nickname": "joralf",
    "picture": "https://s.gravatar.com/avatar/f6d3810bc9eb7ea732d5f93f32b99aa7?s=480&r=pg&d=https%3A%2F%2Fcdn.auth0.com%2Favatars%2Fjo.png",
    "updated_at": "2019-11-22T09:47:27.064Z",
    "user_id": "auth0|5dd7aeaf63c8dd0edd04cc71",
    "blocked_for": [],
    "guardian_authenticators": []
}
  • I receive the following email with a Sendgrid link (I guess they redirect, but make their own link so we can measure clicks)
  • To be completely sure I check whether I’m logged out on https://frontend.boretti.weneverletyoudown.nl a.k.a. the url set as redirect_url
  • I press the link and I get redirected to the login page of our portal:
  • I can login, so this works
  • Logs:

Password reset

I’m lost here, why does redirect_url hardcoded work for verification mails, but not for password change? And why does the redirect_url set to {{ application.callback_domain }} result in an error for verification of your email address.

So to me it seems like:

  • {{ application.callback_domain }} is NOT replaced, seems a bug?
  • Redirect is not triggered after password reset, seems a bug?

@joralf,

And you can confirm that you are not using new universal login experience?

Can you try this endpoint with the same result_url as your redirect To and confirm that it is still happening: https://auth0.com/docs/api/management/v2#!/Tickets/post_email_verification

I can confirm we’re not using the new universal login experience:

I’ll check the API later today…

1 Like

@dan.woda I haven’t been able to get the API working, sorry. But my two questions still stand:

  • {{ application.callback_domain }} is not replaced, but when I hardcode the URL it is working for verification mails
  • Redirect is not triggered after password reset, is this a feature or a bug?

@joralf,

Sorry for the delay, I am going to test this and get back to you today. IIRC, redirect should occur after pw reset.

Do you mean generally, or the link generated by the api is not working?

Okay, I was able to test setting the {{ application.callback_domain }} in the redirect To field of the change password template and got a link to the first field in my Allowed Callback URLs, http://localhost:3000, I also tried it with https://www.google.com. Both redirect after successful; change, everything is working as expected for me.

Can you please DM me a HAR file of the password change so I can investigate further?

Thanks,
Dan

Hi @dan.woda, I’ve send you a DM containing the HAR files.

1 Like