I have a requirement to redirect to a custom error page if the Password Reset email link is clicked by a customer and the link is expired.
I have a Redirect To URL set in Branding → Email Templates → Change Password. However, clicking an expired link (i.e when the user has since requested a new link and the old one is expired) does not redirect here - it always goes to the generic Auth0 “Access expired.” page.
Are you using the Classic Universal Login Experience or the New Universal Login Experience?
Unfortunately, the Redirect To behavior described in the topic you linked only applies to the Classic Experience.
For the New Universal Login Experience, you can configure a Tenant Login URI which will be linked on the “Access expired” page. You can read more in here: New Universal Login Experience
I am using the Classic Experience - but it’s not redirecting to the Redirect To URL when I access an expired link. Our customised login pages are using the Auth0 JS SDK and calling the changePassword method.
I’ve been working around this by hosting our own error page and configuring as the “Custom error page URL” in my Tenant Settings but I am curious to know if this is not working as it should be?
Hmm after further testing I think this is working differently for the two “expired” scenarios:
When the configured expiry time for the link has passed
When the user has requested a subsequent email, thus invalidating the first one
What I am seeing is in the first case, the ‘Redirect To’ works fine.
In the second case, it is ending up at the Tenant Level error page. Is that expected?
I was able to recreate the behavior you have described and asked my team about it. Unfortunately, in the second scenario, the generic error page will be displayed instead of the redirect. You can, however, configure a custom error page for your tenant. The page has access to the app’s client_id to allow you to add logic based on which app is encountering the error.
Documentation:
You can also request an update to this behavior in the Feedback category so that the product team and community can review: