FusionAuth
    • Home
    • Categories
    • Recent
    • Popular
    • Pricing
    • Contact us
    • Docs
    • Login

    Redirect the user to a different URI for the forgot password flow

    Scheduled Pinned Locked Moved
    Q&A
    redirect-uri forgot password
    1
    2
    1.9k
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • danD
      dan
      last edited by

      Hi,

      I want to send users who login to url A and users to forgot their password and reset it to url B.

      How can I do this with FusionAuth? It appears that everyone is set to the first redirect_uri for the application.

      --
      FusionAuth - Auth for devs, built by devs.
      https://fusionauth.io

      1 Reply Last reply Reply Quote 0
      • danD
        dan
        last edited by

        I think the simplest solution is to modify the link helper macro in the theme. This macro looks like this by default:

        [#macro link url extraParameters=""]
<a href="${url}?tenantId=${(tenantId)!''}&client_id=${(client_id?url)!''}&nonce=${(nonce?url)!''}&redirect_uri=${(redirect_uri?url)!''}&response_mode=${(response_mode?url)!''}&response_type=${(response_type?url)!''}&scope=${(scope?url)!''}&state=${(state?url)!''}&timezone=${(timezone?url)!''}&metaData.device.name=${(metaData.device.name?url)!''}&metaData.device.type=${(metaData.device.type?url)!''}${extraParameters!''}&code_challenge=${(code_challenge?url)!''}&code_challenge_method=${(code_challenge_method?url)!''}&user_code=${(user_code?url)!''}">
[#nested/]
</a>
[/#macro]

        What we want to do is modify the redirect_uri in certain cases. In this case, we know that the url will have the value /password/forgot so we can put an if statement in there:

        [#macro link url extraParameters=""]
[#if url == "/password/forgot"]
[#assign redirect_uri="https://example.com/pageb"]
[/#if]
...

        You'll also need to:

        • create the page that lives at url B (https://example.com/pageb in this example). It won't be hosted by FusionAuth.
        • add url B to the list of Authorized Redirect URLs in your OAuth configuration.

        That should work. There are some other alternatives, however. If you generate the "Forgot password" page without a client_id, you won't end up logged in after a password reset. Instead you'll end up at the "OAuth password complete" page, which you can design in the theme editor.

        More about themes.

        --
        FusionAuth - Auth for devs, built by devs.
        https://fusionauth.io

        1 Reply Last reply Reply Quote 0
        • First post
          Last post