Change password flow across devices
-
I have a situation that is a bit confusing. I'm using the hosted login pages, and have both mobile and web apps.
I have users who start a change password flow on the mobile app, but then want to complete it on the webapp. The issue I'm running into is that the mobile app has a redirect that looks like `fusionauth.demo:/oauthredirect` but that doesn't work with the webapp, which looks like `https://example.com/oauth-redirect`. So the password ends up being changed, but the user is not sent to the correct redirect URL and so is not logged in to our app correctly.
Any suggestions?
-
You have a few options, none of them great.
- You could look at using universal links and Android App Links to make sure the redirect URL for both mobile and web apps has the same format.
- You could, on the Change Password Template, put in a message making it clear to users that if they started the change password flow on a mobile device, they should finish it on a mobile device (and same with web apps).
- You could, on the Change Password Template, write JavaScript to examine the user-agent and the redirect URL. If they are incompatible, you could redirect the user to a device-compatible change password URL (basically by rebuilding the `change password` link they clicked on to start the flow and then doing a `window.location=...` call).
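A sketch of the third option, added here as an example and not part of the original answer or of FusionAuth's own code. It assumes the change password link carries the redirect in a `redirect_uri` query parameter and that both apps share the other parameters; the function names and the sample link are hypothetical. The redirect is only ever swapped between the two known values from the question, so the script cannot be steered to an arbitrary destination.

```javascript
// Added example: names and the sample link are assumptions, not FusionAuth's API.
// The two redirect URIs are the ones quoted in the question.
const REDIRECTS = {
  mobile: "fusionauth.demo:/oauthredirect",
  web: "https://example.com/oauth-redirect",
};

// Constructed sample link (host, path and client_id are placeholders).
const SAMPLE_LINK =
  "https://auth.example.com/password/change/abc123" +
  "?client_id=app1&redirect_uri=fusionauth.demo%3A%2Foauthredirect";

// Coarse user-agent classification. The UA string is client-controlled, so it
// only selects between the two fixed values above and grants nothing by itself.
function deviceClass(userAgent) {
  return /Android|iPhone|iPad|iPod/i.test(userAgent) ? "mobile" : "web";
}

// Returns the rebuilt change password URL when redirect_uri does not match
// the device, or null when no redirect is needed.
function compatibleChangePasswordUrl(currentHref, userAgent) {
  const url = new URL(currentHref);
  const current = url.searchParams.get("redirect_uri");
  // Unknown or missing redirect_uri: leave the link alone rather than guess.
  if (!Object.values(REDIRECTS).includes(current)) return null;
  const wanted = REDIRECTS[deviceClass(userAgent)];
  // Already compatible; returning null also prevents a redirect loop.
  if (current === wanted) return null;
  url.searchParams.set("redirect_uri", wanted);
  return url.toString();
}

// In the template this runs on page load; outside a browser it is skipped.
if (typeof window !== "undefined") {
  const target = compatibleChangePasswordUrl(window.location.href, navigator.userAgent);
  if (target) window.location = target;
}
```

The redirect URI still has to be registered for the application on the server side; the script only chooses which registered value to request.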