Verification Email Flow Leads to Error Page Instead of Redirecting to Custom URL

Problem Statement

When a verification email is requested for a user through a Management API SDK, the end user receives the verification link. However, when they open the link, they get an error page instead of being redirected to a client application-specific redirect URL.

The error message indicates that the email was in fact verified successfully; however, the overall flow still fails.

Symptoms

After opening a verification email link, the end user is shown an error page; the error message says that the issue is related to an invalid result URL.

In addition to the error page, a tenant log entry is generated:

{
    "type": "fv",
    "description": "invalid result url: /[optional_path_component]?supportSignUp=true&supportForgotPassword=true&email=[redacted_email_address]&message=Your%20email%20was%20verified.%20You%20can%20continue%20using%20the%20application.&success=true&code=success",
    // other properties
}

Troubleshooting

Check whether the email verification (with link) email template is configured to use a result URL that depends on the placeholder application.callback_domain. If it does, verify whether the request or operation that created the email verification ticket link included an explicit client application identifier (the client_id parameter), where the endpoint supports one. If one is not explicitly provided or not supported, a client application is assumed by default, depending on the endpoint being used.

For example, the verification email job endpoint assumes the global client application if one is not explicitly stated. Once you have confirmed which client application is being used or assumed in the context of the request, check whether that client application defines at least one allowed callback URL, because that is what the value of the email template placeholder application.callback_domain is derived from.

Examples of endpoints that may trigger a verification email ticket link to be generated:

Cause

The client application associated with the request that triggers the generation of the email verification ticket link does not have any allowed callback URL defined, so the email template placeholder application.callback_domain is an empty value, which in turn produces an invalid result URL.

Solution

Ensure that the email verification request is performed in association with a client application that defines at least one allowed callback URL. To do this, either include a suitable client identifier parameter in the body of the underlying API request, if the endpoint supports it, or confirm that the client assumed by default by the endpoint is the expected one. Alternatively, update the email template result URL so that it does not depend on the application.callback_domain email placeholder.
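
The check described under Troubleshooting and Cause can be run before a verification email is sent, and the matching tenant log entry can be recognised afterwards. The following is an added example, not code from the original article or from the product's SDK. It assumes that the placeholder is written as {{ application.callback_domain }} in the template, that a client record exposes its allowed callback URLs in a list named callbacks, and that the placeholder value is the scheme and host of the first entry; the template, clients and log entry are constructed sample data.

```python
import re
from urllib.parse import urlsplit

# Assumed template syntax for the placeholder named in the article.
PLACEHOLDER = re.compile(r"\{\{\s*application\.callback_domain\s*\}\}")

def callback_domain(client):
    """Assumption: value is scheme://host of the first allowed callback URL."""
    callbacks = client.get("callbacks") or []  # field name is an assumption
    if not callbacks:
        return ""
    parts = urlsplit(callbacks[0])
    return f"{parts.scheme}://{parts.netloc}" if parts.scheme and parts.netloc else ""

def preflight(result_url_template, client):
    """Return (ok, rendered_url, reason) for one template/client pair."""
    if not PLACEHOLDER.search(result_url_template):
        return True, result_url_template, "template does not use the placeholder"
    domain = callback_domain(client)
    rendered = PLACEHOLDER.sub(lambda _: domain, result_url_template)
    parts = urlsplit(rendered)
    if parts.scheme and parts.netloc:
        return True, rendered, "placeholder resolved"
    return False, rendered, "client has no usable allowed callback URL"

def is_empty_domain_failure(log_entry):
    """Match the tenant log shape above: type 'fv', 'invalid result url',
    and a URL that starts with '/' because the domain part rendered empty."""
    m = re.match(r"invalid result\s+url:\s*(\S+)", log_entry.get("description", ""))
    return log_entry.get("type") == "fv" and bool(m) and m.group(1).startswith("/")

# Constructed sample data, not taken from a real tenant.
TEMPLATE = "{{ application.callback_domain }}/verified"
CLIENTS = {
    "global-client": {"callbacks": []},
    "web-app": {"callbacks": ["https://app.example.com/callback"]},
}
SAMPLE_LOG = {"type": "fv", "description": "invalid result url: /verified?success=true"}

if __name__ == "__main__":
    for name, client in CLIENTS.items():
        print(name, preflight(TEMPLATE, client))
    print("log matches empty-domain pattern:", is_empty_domain_failure(SAMPLE_LOG))
```

A client without callbacks renders the template to a relative path such as /verified, which is the same shape as the URL in the tenant log entry shown under Symptoms.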