We’re currently working on integrating Auth0 password reset functionality into our mobile app, and we’re running into some difficulties with redirecting users back to the app after they reset their password. Our website is using new Universal Login, and our mobile app is using a custom auth experience with an Auth0 client and management SDK on a Node.js service.
Right now, we’re triggering password reset emails using the authClient.database.changePassword({ email }) method in a Node.js service used by our app. The user receives the email and opens the password reset link, which opens a web page in the browser to reset their password. However, after submitting their new password, the user is left on the password reset success page, and there’s no redirect back to our app.
We’ve explored a few potential solutions:
- We’ve added our app credentials in the application advanced settings and can see the correct configuration under {domain}/apple-app-site-association and {domain}/.well-known/assetlinks.json
- We attempted to add a redirect URL in the email template, but it appears to be ignored — which seems to align with the docs stating redirects are not supported in this when using Universal Login (which the website is using but the mobile app uses a custom flow). For resetting the password via our website it does redirect to /login, but not when that email is triggered via authClient.database.changePassword({ email }).
There is a potential workaround using the post-change-password Action trigger to manually redirect to our app, but we think this would affect all flows globally, not just mobile-app-initiated ones, unless we can somehow run some logic to see if the email was sent via the aforementioned method.
What we’re looking for is some clarity on the best practice for:
Either:
- Redirecting a user back to the mobile app (iOS and Android) after they’ve reset their password via reset password email that links to the web page form,
Or:
- Making the link in the password reset email deep link into our app, and us handling the reset password flow ourselves manually rather than opening in the browser and doing the password reset flow that way.
We want to ensure this works reliably for users coming from a mobile app context, without unintended side effects on other flows.
Summary of Questions:
How can we redirect users back to the mobile app (iOS & Android) after a password reset via Universal Login?
Is it possible to deep link into the app from the password reset email if sent manually from the authClient SDK vs the new Universal Login?
Are there any options to configure conditional redirects based on the platform or flow origin?
Is the post-change-password Action trigger the recommended way to handle this use case?
Any guidance would be hugely appreciated.
Thanks!