Redirect To for classic login doesn't work

Hello there,

I tried setting the Redirect To url for password reset and verification email for our classic login, but it doesn’t work, regardless if I use a full url or {{ application.callback_domain } variable. Both the verification and the password reset do succeed, but they stay on the same page.

Here’s a link to the docs I used: Customize Email Templates

And here: Configure Default Login Routes

This behavior only happens when the New Universal Login Experience is enabled. In Classic mode, you will need to configure the Redirect URL in the Verification Email Template

Any help would be appreciated!

All the best,
Joralf

Hi @joralf,

Welcome to the Auth0 Community Forum!

Can you help us with some more information? Are you receiving errors in the console or in the auth0 logs? Can you confirm that a complete url is being sent with the email? Does the link include this information?

Thanks,
Dan

Hi Dan,

Thanks for your response, here’s a screenshot of our settings:

image1868×1496 304 KB

Here’s the mail I receive, notice the subject is also not set according to the settings above:

image2074×1664 199 KB

Here’s the URL in the email, it doesn’t contain any query params. Should it?

{domain}/lo/reset?ticket=SN4jKhybplayAbh98OWvXdZ9Go8y20Ai#

I receive no errors in console after password reset, it just doesn’t redirect.

All the best,
Joralf

@joralf,

It looks like you are using the Auth0 email provider. Notice the yellow warning in the screenshot of your template settings.

Can you try setting up a custom provider and see if the changes take effect? Sendgrid will allow you to set up a trial for free if you are just looking to test the function.

Let me know.

Thanks,
Dan

Hi Dan,

Thanks for your feedback. I read the yellow warning message, but I expected it to only apply to the actual template (the message) and not the from/subject/redirect to. I’ll look into custom email provider solution.

Thanks so much!

All the best,

Joralf

Yep, all of the options are considered an email template. Good luck!

Hi Dan,

Thanks for the response. We setup a custom email provider (Sendgrid) and the callback URL is still broken. Here’s a screenshot from our settings, looks like the variable is not replaced by the actual value:

image1133×1003 94.1 KB

In the email I received the {{ application.callback_domain }} in the subject is not replaced and after verifiying the account the user is not redirected. It does work when we manually set a url in redirect_to, but that’s not a preferred solution.

Do you have any idea what’s going wrong?

All the best,

Joralf

@joralf

A few question to narrow the issue:

• Are you using the new universal login or classic UL?
• How are you testing the email (how are you sending it)?
• Can you confirm that there is a valid URL in the Allowed Callback URL in the application settings of the application that is sending the email?
• Do you get an invalid result URL error?

Hi Dan,

The answers to your questions:

• Classic login
• Email is send via Sendgrid account (I tested all flows and they work, just the redirect is broken)
• The url in Allowed Callback URL is https://frontend.boretti.weneverletyoudown.nl, which is valid
• I don’t get an invalid result URL error, just this. Here’s the link in the email I got: http://u13774823.ct.sendgrid.net/wf/click?upn=UJOJ-2BpNGWXJgHkPE-2F5dVPGuReUgc6IjRTE-2Bqro9-2FZJQZTYmA9HOqAeRWntN2MYo5vntBU-2BQts35SC-2FTkw4AyOEfQ2N4FNlpYogj3G1MIfnw9qcjFwjRtZwwygQJCSqpO_KEwIMakBqcPFJfsHn16NjQf5kc-2FdEGJXQP31EjRnp4zqtSfnGBtbnYhHnBAweaVlSvcQwIuLCTeIVFA9VUTc6U1WL5misLh8TG7uLVmotrSmF93Kuvazfs-2F66DW1D7ncH5qZ8V8-2FNNuLX2cKxo0Y7pjEEjiR-2B4S-2BERb2NJC9Fea5r-2B0393QH7JJ2q0DksFOBSaCRyurVD17TwR3UFtepORY9I0jXGfHrW9A1s-2Bq6ua4-3D

image3350×1626 114 KB

Hope this helps!

Are you sending using the try button?

Can you take a look at the successful request in the Auth0 logs and see if it includes the result url? Also, could you please DM me your tenant name so I can take a look?

Thanks,
Dan

Hi Dan,

I’m not using the try button, we’re just signing up on Auth0 and receiving a verification mail or a password reset mail through Sendgrid.

Thing though is that in the email syntax we use {{ url }} to fill in the anchor of the button. Is that correct? Cause this is the default settings of Auth0, we didn’t change anything except for picking the Sendgrid provider.

Can you confirm that {{ application.callback_domain }} will be parsed into {{ url }}?

<p><a href="{{ url }}">Confirm my account</a></p>

I also had a look at the logs and I do get the invalid result url for the verification mail:

Browser response:

{

* name: "BadRequestError",

* code: "invalid_result_url",

* description: "invalid result url: ?supportSignUp=true&supportForgotPassword=true&email=mymail%40gmail.com&message=Your%20email%20was%20verified.%20You%20can%20continue%20using%20the%20application.&success=true&code=success",

* statusCode: 400

}

Server log:

{
  "date": "2019-11-21T08:40:06.581Z",
  "type": "fv",
  "description": "invalid result url: ?supportSignUp=true&supportForgotPassword=true&email=mymail%40gmail.com&message=Your%20email%20was%20verified.%20You%20can%20continue%20using%20the%20application.&success=true&code=success",
  "connection": "Username-Password-Authentication",
  "connection_id": "con_GonW3fPLiGPRpPX0",
  "client_id": "o8VU0ELFA2Kn51yV0kULmGwAWnVZqrW9",
  "client_name": "All Applications",
  "ip": "157.97.115.90",
  "user_agent": "Chrome 78.0.3904 / Mac OS X 10.14.6",
  "details": {
    "query": {
      "email": "mymail@gmail.com",
      "user_id": "auth0|5dd64baabf27480f12ff131f",
      "tenant": "tenant_name",
      "client_id": "id",
      "connection": "Username-Password-Authentication",
      "resultUrl": "{{ application.callback_domain }}",
      "includeEmailInRedirect": true
    }
  },
  "user_id": "auth0|5dd64baabf27480f12ff131f",
  "user_name": "mymail@gmail.com",
  "strategy": "auth0",
  "strategy_type": "database",
  "log_id": "90020191121084007830000781605157391171459514113841954834",
  "_id": "90020191121084007830000781605157391171459514113841954834",
  "isMobile": false
}

For resetting the password the logs show success, but the page doesn’t redirect after you’ve set a new password.

{
  "date": "2019-11-21T08:43:45.656Z",
  "type": "scp",
  "description": "You can now login to the application with the new password.",
  "connection": "Username-Password-Authentication",
  "connection_id": "con_GonW3fPLiGPRpPX0",
  "client_id": "ALLTaVkgg3EIpuSg8ol5MlPM9aKbS1wl",
  "client_name": "Client Name",
  "ip": "",
  "user_agent": "Chrome 78.0.3904 / Mac OS X 10.14.6",
  "details": {
    "title": "Change Password",
    "email": "mymail@gmail.com",
    "body": {
      "newPassword": "*****",
      "confirmNewPassword": "*****",
      "_csrf": "eryNe9z5-n4q06SARF7Li5Q1EhMZEEJOF2Nc",
      "ticket": "7j7bHByKE2YbBwBUD6WuuQMd3S8miqrZ"
    },
    "query": {
      "user_id": "5dd64baabf27480f12ff131f",
      "email": "mymail@gmail.com",
      "username": null,
      "newPassword": null,
      "tenant": "boretti",
      "client_id": "ALLTaVkgg3EIpuSg8ol5MlPM9aKbS1wl",
      "connection": "Username-Password-Authentication",
      "resultUrl": null,
      "markEmailAsVerified": true,
      "includeEmailInRedirect": true
    }
  },
  "user_id": "auth0|5dd64baabf27480f12ff131f",
  "user_name": "mymail@gmail.com",
  "strategy": "auth0",
  "strategy_type": "database",
  "log_id": "90020191121084347300007312770736688595898600440526274594",
  "_id": "90020191121084347300007312770736688595898600440526274594",
  "isMobile": false
}

I’ve send you our tenant via DM.

All the best,

Joralf

Just to be sure, this is the correct syntax right?

Allowed callbacks:

image1736×306 10.2 KB

Redirect to:

image1572×414 71.7 KB

@joralf

Okay it looks like you are getting an error because the user is already verified. I just setup and tested everything and it is working for me.

It looks like the result url field is null in this log.

As you can see here, the {{url}} setting is correct. This value is the verification url not the redirect url.

Another debugging strategy you can try is adding a hard coded URL (like https://www.google.com for instance) to the Redirect To value to confirm that it is not a problem with your callback url.

@joralf,

And you can confirm that you are not using new universal login experience?

Can you try this endpoint with the same result_url as your redirect To and confirm that it is still happening: Auth0 Management API v2

I can confirm we’re not using the new universal login experience:

image2108×1180 207 KB

I’ll check the API later today…

@dan.woda I haven’t been able to get the API working, sorry. But my two questions still stand:

• {{ application.callback_domain }} is not replaced, but when I hardcode the URL it is working for verification mails
• Redirect is not triggered after password reset, is this a feature or a bug?

@joralf,

Sorry for the delay, I am going to test this and get back to you today. IIRC, redirect should occur after pw reset.

Do you mean generally, or the link generated by the api is not working?

Okay, I was able to test setting the {{ application.callback_domain }} in the redirect To field of the change password template and got a link to the first field in my Allowed Callback URLs, http://localhost:3000, I also tried it with https://www.google.com. Both redirect after successful; change, everything is working as expected for me.

Can you please DM me a HAR file of the password change so I can investigate further?

Thanks,
Dan

Hi @dan.woda, I’ve send you a DM containing the HAR files.

I also tried creating a new tenant from scratch (test-joralf) and have the same issue:

The succes change password doesn’t contain a resultUrl, so it doesn’t redirect:

{
  "date": "2019-12-09T11:01:57.512Z",
  "type": "scp",
  "description": "You can now login to the application with the new password.",
  "connection": "Username-Password-Authentication",
  "connection_id": "con_L8ftdJSJu4fZLWRJ",
  "client_id": "oxTBbl2sVSmr1vvq4ho2DxV76CBtFSG0",
  "client_name": "Test app",
  "ip": "89.20.164.66",
  "user_agent": "Chrome 78.0.3904 / Mac OS X 10.14.6",
  "details": {
    "title": "Change Password",
    "email": "mymail",
    "body": {
      "newPassword": "*****",
      "confirmNewPassword": "*****",
      "_csrf": "xugBEzta-5VGqHAHGuezcieqMhJeyJvBfc8k",
      "ticket": "kQWU3JWnJcLrty8lhq93cizz9fdrHMEP"
    },
    "query": {
      "user_id": "5dee293d8545dd0ea6e85f9e",
      "email": "mymail",
      "username": null,
      "newPassword": null,
      "tenant": "test-joralf",
      "client_id": "oxTBbl2sVSmr1vvq4ho2DxV76CBtFSG0",
      "connection": "Username-Password-Authentication",
      "resultUrl": null,
      "markEmailAsVerified": true,
      "includeEmailInRedirect": true
    }
  },
  "user_id": "auth0|5dee293d8545dd0ea6e85f9e",
  "user_name": "mymail",
  "strategy": "auth0",
  "strategy_type": "database",
  "log_id": "90020191209110158763000561636903085669380742413130137618",
  "_id": "90020191209110158763000561636903085669380742413130137618",
  "isMobile": false
}

But for the email validation success we see:

{
  "date": "2019-12-09T11:00:31.950Z",
  "type": "sv",
  "description": "Your email was verified. You can continue using the application.",
  "connection": "Username-Password-Authentication",
  "connection_id": "con_L8ftdJSJu4fZLWRJ",
  "client_id": "KSmw355ymd4pVAPOcObpFQh1UxJKuwIZ",
  "client_name": "All Applications",
  "ip": "89.20.164.66",
  "user_agent": "Chrome 78.0.3904 / Mac OS X 10.14.6",
  "details": {
    "email": "mymail",
    "query": {
      "email": "mymail",
      "user_id": "auth0|5dee293d8545dd0ea6e85f9e",
      "tenant": "test-joralf",
      "client_id": "KSmw355ymd4pVAPOcObpFQh1UxJKuwIZ",
      "connection": "Username-Password-Authentication",
      "resultUrl": "http://www.google.nl",
      "includeEmailInRedirect": true
    }
  },
  "user_id": "auth0|5dee293d8545dd0ea6e85f9e",
  "user_name": "mymail",
  "strategy": "auth0",
  "strategy_type": "database",
  "log_id": "90020191209110033164000561351565160169018270982774718482",
  "_id": "90020191209110033164000561351565160169018270982774718482",
  "isMobile": false
}