"redirect to" on Expired Change Password email link not working

slaywell · March 5, 2021, 3:03pm

Hey all,

I have a requirement to redirect to a custom error page if the Password Reset email link is clicked by a customer and the link is expired.

I have a Redirect To URL set in Branding → Email Templates → Change Password. However, clicking an expired link (i.e when the user has since requested a new link and the old one is expired) does not redirect here - it always goes to the generic Auth0 “Access expired.” page.

According to posts such as this one: Authentication Error Access expired this should take the value from the Redirect URL?

Thanks
Matt

stephanie.chamblee · March 9, 2021, 4:39pm

Hi @slaywell,

Thanks for joining the Community!

Are you using the Classic Universal Login Experience or the New Universal Login Experience?

Unfortunately, the Redirect To behavior described in the topic you linked only applies to the Classic Experience.

For the New Universal Login Experience, you can configure a Tenant Login URI which will be linked on the “Access expired” page. You can read more in here: New Universal Login Experience

slaywell · March 10, 2021, 2:15pm

Hi Stephanie, thanks for getting back to me.

I am using the Classic Experience - but it’s not redirecting to the Redirect To URL when I access an expired link. Our customised login pages are using the Auth0 JS SDK and calling the changePassword method.

I’ve been working around this by hosting our own error page and configuring as the “Custom error page URL” in my Tenant Settings but I am curious to know if this is not working as it should be?

Thanks
Matt

slaywell · March 11, 2021, 10:39am

Hmm after further testing I think this is working differently for the two “expired” scenarios:

When the configured expiry time for the link has passed
When the user has requested a subsequent email, thus invalidating the first one

What I am seeing is in the first case, the ‘Redirect To’ works fine.
In the second case, it is ending up at the Tenant Level error page. Is that expected?

stephanie.chamblee · March 12, 2021, 2:49pm

Hi @slaywell,

I was able to recreate the behavior you have described and asked my team about it. Unfortunately, in the second scenario, the generic error page will be displayed instead of the redirect. You can, however, configure a custom error page for your tenant. The page has access to the app’s client_id to allow you to add logic based on which app is encountering the error.

Documentation:

You can also request an update to this behavior in the Feedback category so that the product team and community can review:

system · March 27, 2021, 2:50pm

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.