Hey,
We’re having some issues in our password rest flow, once the user completes the password reset flow they are automatically logged into the application via PKCE as the state is replayed.
We’ve removed the client_id from the url in the email and are still experiencing the same issue. We want users to end up on /password/complete.
I’ve taken a look at steps here posted by @dan:
https://fusionauth.io/community/forum/topic/366/prevent-redirect-after-forgot-password-flow
Are they out out date?
@dee-lalwani @dan
Should I make a github issue? would that be the best course of action ?
@dee-lalwani @dan
Should I make a github issue? would that be the best course of action ?
Hey,
We’re having some issues in our password rest flow, once the user completes the password reset flow they are automatically logged into the application via PKCE as the state is replayed.
We’ve removed the client_id from the url in the email and are still experiencing the same issue. We want users to end up on /password/complete.
I’ve taken a look at steps here posted by @dan:
https://fusionauth.io/community/forum/topic/366/prevent-redirect-after-forgot-password-flow
Are they out out date?