"redirect to" on Expired Change Password email link not working

slaywell · March 5, 2021, 3:03pm

Hey all,

I have a requirement to redirect to a custom error page if the Password Reset email link is clicked by a customer and the link is expired.

I have a Redirect To URL set in Branding → Email Templates → Change Password. However, clicking an expired link (i.e when the user has since requested a new link and the old one is expired) does not redirect here - it always goes to the generic Auth0 “Access expired.” page.

According to posts such as this one: Authentication Error Access expired this should take the value from the Redirect URL?

Thanks
Matt

stephanie.chamblee · March 9, 2021, 4:39pm

Hi @slaywell,

Thanks for joining the Community!

Are you using the Classic Universal Login Experience or the New Universal Login Experience?

Unfortunately, the Redirect To behavior described in the topic you linked only applies to the Classic Experience.

For the New Universal Login Experience, you can configure a Tenant Login URI which will be linked on the “Access expired” page. You can read more in here: New Universal Login Experience

slaywell · March 10, 2021, 2:15pm

Hi Stephanie, thanks for getting back to me.

I am using the Classic Experience - but it’s not redirecting to the Redirect To URL when I access an expired link. Our customised login pages are using the Auth0 JS SDK and calling the changePassword method.

I’ve been working around this by hosting our own error page and configuring as the “Custom error page URL” in my Tenant Settings but I am curious to know if this is not working as it should be?

Thanks
Matt

slaywell · March 11, 2021, 10:39am

Hmm after further testing I think this is working differently for the two “expired” scenarios:

When the configured expiry time for the link has passed
When the user has requested a subsequent email, thus invalidating the first one

What I am seeing is in the first case, the ‘Redirect To’ works fine.
In the second case, it is ending up at the Tenant Level error page. Is that expected?

stephanie.chamblee · March 12, 2021, 2:49pm

Hi @slaywell,

I was able to recreate the behavior you have described and asked my team about it. Unfortunately, in the second scenario, the generic error page will be displayed instead of the redirect. You can, however, configure a custom error page for your tenant. The page has access to the app’s client_id to allow you to add logic based on which app is encountering the error.

Documentation:

You can also request an update to this behavior in the Feedback category so that the product team and community can review:

system · March 27, 2021, 2:50pm

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Redirect To URL not working in case of previously sent change password links Help change-password , email , url , redirect , redirecturi	8	5279	March 2, 2018
redirectUrl of Change Password email template not working for older emails Help auth0 , management-api	17	5370	November 4, 2019
Change Password flow: "Authentication Error - Access expired" in some scenarios while "Redirect URL" used in others Help auth0 , password-reset , change-password , reset , reset-password	2	2204	July 4, 2023
Reset password Link Expired error "Back to Login" button redirects to Tenant Login URI Feedback password-reset	0	93	July 10, 2024
Redirecting to error page URL seemed to have stopped working Help error , error-page	7	3758	March 9, 2020

"redirect to" on Expired Change Password email link not working

Related Topics