Auth0 Home Blog Docs

Which fields are available in the redirect-to url of the reset email

reset-password
redirect-to
#1

Our situation:
* Each of our customers access our product through a custom domain: <customer>.<our-domain>
* We have a single tenant that handles authentication for all users of all customers.
* Normal login flow: user goes to https://<customer>.<our-domain>/login which redirects them to https://login.<our-domain> (form hosted by Auth0), which redirects back to https://<customer>.<our-domain>

Our goal:
* After a user resets their passwords, we want them to be redirected to https://<customer>.<our-domain>

This however is problematic. In the user.app_metadata we store which customer a user belongs too, but I am not sure how to leverage this. The email template for the reset-email allows us to set a ‘redirect url’, but according to the documentation we can only set a static url there. Now I noticed that in the redirect-url field we can also use {{application.name}} (but this doesn’t seem to be documented), so one solutions might be to create one application per customer and make the redirect url https://{{application.name}}.ourcompany.com. But that seems like a lot of configuration work to achieve a redirect.

Questions:
1) Can you make it possible to use {{user.app_metadata}} in the redirect url for emails?
2) Can we reliably use {{application.name}} in the redirect url, or might this break at some point?
3) Do you have any other suggestions to achieve our goal?

I saw that there were similar questions to these in the past, but none with any conclusive answers.

2 Likes
#2

For your first question I would suggest submitting a feature request. Having access to more variables in the email templates would be great!

{application.name} is in the docs (now) so I would suggest it is stable.

My only suggestion is not a very good one: With the way Auth0 works today, your use case might be better served by multiple Auth0 user databases (so you can leverage {connection.name} or possibly even multiple tenants (though maintaining tenants is a challenge … see https://github.com/auth0-extensions/auth0-reset-tenant).

#3

Is there a way of using rules to set the application.name based on user meta data?