Auth0 Home Blog Docs

Redirect To URL not working in case of previously sent change password links

change-password
email
url
redirect
redirecturi

#1

Redirect To URL redirects the user to the specified page in the following three cases:-

  1. Successful password reset.
  2. If the link has expired(exceeded the specified URL lifetime).
  3. If the link has been already used.

If the user receives more than one change password emails, then the link in the most recent email remains valid. All other links in the previously sent emails are marked as expired. When the user clicks on these expired links, he is redirected to Auth0 error page instead of the page specified in the redirect to URL. This behavior is unexpected.

Please see the attached screenshot for further details.![alt text][1]


#2

It’s intended behavior for previously sent password email links to expire for security. The user is redirected to the “Redirect To” URL only after the change password is successful. More details around changing a user’s password can be found here

If you require a different solution than Auth0’s typical password change flow, you could build a custom implementation.

One way you could accomplish this is by sending out an email to the user with a secure link pointing to a change password page at your site. Once complete, you’d call the Management API’s Update User endpoint from your backend server to change the password on the user manually. Using a custom implementation, you could redirect the user however you’d like if the user’s link was expired/invalid.


#3

Thanks for the response @jake.soenneker. But as I have mentioned in the question itself, the user is also redirected to the specified Redirect To URL in the cases 2 and 3 with a relevant message appended to the URL. More details around this can be found here.


#4

Thanks for the response @jake.soenneker. But as I have mentioned in the question itself, the user is also redirected to the specified Redirect To URL in the cases 2 and 3 with a relevant message appended to the URL. More details around this can be found here.


#5

Thank you so much @jake.soenneker. Looking forward to hearing from you soon :slight_smile:


#6

@prakharkumar79 I was able to reproduce the cases you mentioned, and I’m looking further into this. I’ll reply with another comment once I have an update.


#7

Thanks @jake.soenneker :slight_smile:


#8

@prakharkumar79 I’ve escalated this issue and I’ll let you know when are updates.


#9