Theme Template Variables

Overview

Template variables are provided to allow intelligent customization of theme templates. You can use Freemarker to display, hide, or otherwise logically modify what your end users sees based on these values.

Each template has different variables that are available to it. These variables can be used in the template to help with rendering the HTML. There are also a couple of common variables that are available in all of the pages. The common variables and the page specific variables are all listed below.

When the variable is FusionAuth specific, such as the tenant or application, the fields of the variable are the same as the JSON object described in the Retrieve section of the corresponding API documentation.

By default FusionAuth will provide HTML escaping on all values rendered in HTML, this protects you from script injection attacks. If you find a value that is being incorrectly escaped you may need to utilize the FreeMarker built in for no-escape ?no_esc.

Common Variables

applicationApplication

The application resolved by the provided client_id provided on the request. If the request was made without a client_id then this variable will be undefined. Ensure you reference it using a null safe strategy if you are using some of the themed pages without a client_id .

See the Application API for details on this object.

client_idString

The OAuth v2.0 client_id parameter. This is synonymous with FusionAuth’s Application Id.

currentUserUserAvailable since 1.30.0

When there is an active SSO session, this variable will contain the currently logged in user. When an SSO session does not yet exist, this variable will be null. If the user has not checked the Keep me signed in option, there is no SSO session and this variable will be null.

See the User API for details on this object.

errorMessages

A list of error messages that were generated during the processing of the request.

fieldMessages

A map of field messages (usually errors) that were generated during the processing of the request. The key into the map is the name of the form field and the value is a list that contains the errors for that form field.

localeLocale

The locale used to localize messages.

You can find the JavaDoc for this object available here: https://docs.oracle.com/javase/8/docs/api/java/util/Locale.html

requestHttpServletRequest

The HttpServletRequest object that is part of the Java Servlet specification.

You can find the JavaDoc for this object available here: https://docs.oracle.com/javaee/6/api/javax/servlet/http/HttpServletRequest.html

tenantTenant

The tenant that has been resolved for this template. This value has either been specified on the request by providing the tenantId request parameter or it has been resolved by other request parameters such as the client_id.

If you need to customize the look and feel for different tenants but desire to use the same theme to lower maintenance, store values in tenant.data . For example, you could set tenant.data.customElements.buttonText and tenant.data.customElements.buttonColor , then retrieve values off these fields in the theme templates.

See the Tenant API for details on this object.

tenantIdUUID

The unique Tenant identifier, this is equivalent to tenant.id.

themeTheme

The theme that has been resolved for this template. This could be resolved based on the tenant or the application.

See the Themes API for details on this object.

themeIdUUID

The unique Theme identifier, this is equivalent to theme.id.

Template Specific Variables

In addition to the common variables documented above, each template may have additional variables available to that only make sense in the context of this template. For example, the OAuth Authorize page (the login page) can access the loginId template variable, but this variable would make no sense on the email verification template.

Account edit

Available since 1.26.0
/account/edit

Variables

fieldsMap<Integer, List<FormField>>

The User fields to display in the form. Each key maps to form fields by section within a Self-Service User form.

userUser

The User object corresponding to the authenticated user.

Account index

Available since 1.26.0
/account

Variables

formConfiguredBoolean

A boolean that indicates if a Self-Service User form has been configured for this application.

multiFactorAvailableBoolean

A boolean that indicates if any multi-factor authentication methods have been enabled on the tenant.

userUser

The User object corresponding to the authenticated user.

webauthnAvailableBoolean

A boolean that indicates if WebAuthn has been enabled on the tenant.

Account two-factor disable

Available since 1.26.0
/account/two-factor/disable

Variables

emailString

The email address you are attempting to disable, this will be available when the method is email.

methodString

The two-factor method you are disabling. The possible values are:

  • authenticator
  • email
  • sms
methodIdString

The actual Id of the two-factor method you are disabling.

mobilePhoneString

The mobile phone you are attempting to disable, this will be available when the method is sms.

userUser

The User object corresponding to the authenticated user.

Account two-factor enable

Available since 1.26.0
/account/two-factor/enable

Variables

availableMethodsList<String>

The two-factor methods that are available to be configured.

emailString

The email address if the method value is email.

methodString

The two-factor method. The possible values are:

  • authenticator
  • email
  • sms
mobilePhoneString

The mobile phone if the method is sms.

recoveryCodesList<String>

The recovery codes when a user configured multi-factor authentication for the first time. This will be available after a method has been successfully enabled and this template is rendered a second time. If you already have one method enabled, the recovery codes will not be displayed.

secretString

A Base64 encoded secret for the authenticator method.

secretBase32EncodedString

A Base32 encoded form of the provided secret for the authenticator method.

userUser

The User object corresponding to the authenticated user.

Account two-factor index

Available since 1.26.0
/account/two-factor

Variables

userUser

The User object corresponding to the authenticated user.

Account add WebAuthn passkey

Available since 1.41.0
/account/webauthn/add

Variables

userUser

The User object corresponding to the authenticated user.

Account delete WebAuthn passkey

Available since 1.41.0
/account/webauthn/delete

Variables

credentialObject

The WebAuthn passkey the user is deleting. See the link:/docs/apis/webauthn[WebAuthn API] for details on this object.

Account WebAuthn index

Available since 1.41.0
/account/webauthn/

Variables

webAuthnCredentialsList<Object>

The list of registered WebAuthn passkeys for the current user. See the link:/docs/apis/webauthn[WebAuthn API] for details on this object.

Confirmation required

Available since 1.49.0
/confirmation-required

Variables

confirmationRequiredActionURIString

The URI to return to once confirmation has been provided.

confirmationRequiredReasonString

The reason the user is being prompted for confirmation.

Email verification complete

/email/complete

Variables

No template specific variables.

Email verification re-sent

/email/sent

Variables

emailString

The email address that requested to receive a new email verification request.

Email verification required

Available since 1.27.0
/email/verification-required

Variables

allowEmailChangeBoolean

When true, an additional form is displayed to allow the user to update their email address. This is intended to assist the user if they mis-typed their email address previously. This occurs when Allow email change when gated is enabled under email verification settings on the Tenant.

collectVerificationCodeBoolean

When true, a form input is displayed to allow a user to enter the verification code. This occurs when Verification strategy is set to FormField under email verification settings on the Tenant.

emailString

The current value of the user's email address. This may be useful to indicate to the user which email address was sent a verification code.

showCaptchaBooleanAvailable since 1.30.0

A boolean that controls whether or not to include captcha scripts and show the captcha challenge (or message for invisible captcha).

verificationIdString

The verification Id that was included on as a URL parameter. This is the high entropy value that will be paired with the low entropy one time code to complete email verification.

Email verification

/email/verify

Variables

postMethodBoolean

Defaults to true on this page.

showCaptchaBooleanAvailable since 1.30.0

A boolean that controls whether or not to include captcha scripts and show the captcha challenge (or message for invisible captcha).

verificationIdString

The verification Id that was included on as a URL parameter but was invalid. This page does a redirect if the verificationId is valid.

Index

Available since 1.27.0
/

Variables

No template specific variables.

OAuth authorize

/oauth2/authorize

Variables

bootStrapWebauthnEnabledBooleanAvailable since 1.41.0

A boolean that indicates if the WebAuthn bootstrap workflow is enabled for the current application.

code_challengeString

The OAuth v2.0 code_challenge parameter.

code_challenge_methodString

The OAuth v2.0 code_challenge_method parameter used in conjunction with PKCE. Can be either plain or S256.

devicePendingIdPLinkObject

The PendingIdpLink that is generated when using the device OAuth flow. This object provides information about the current state of the user and the identity provider prior to completing the link. This is available when linking or registering a device ( i.e. Playstation or XBox).

devicePendingIdPLink.displayNameString

A human readable name for this link to help you identify this link. This value will generally be an email address, or username.

devicePendingIdPLink.emailString

The email address of the FusionAuth user being linked to the identity provider.

devicePendingIdPLink.identityProviderLinksList<Object>

See the link:/docs/apis/identity-providers/links[Link API] for details on this object.

devicePendingIdPLink.identityProviderNameString

The name of the identity provider that is being linked to.

devicePendingIdPLink.identityProviderTypeString

The type of identity provider that is being linked to.

devicePendingIdPLink.identityProviderUserIdString

The Id for the User that is provided by the identity provider.

devicePendingIdPLink.linkLimitExceededBoolean

A boolean that indicates if a user has exceeded the maximum number of links allowed.

devicePendingIdPLink.userUser

The FusionAuth user that is linked to the identity provider.

devicePendingIdPLink.usernameString

The username of the FusionAuth user being linked to the identity provider.

hasDomainBasedIdentityProvidersBoolean

A boolean that indicates if there are domain-based identity providers configured. These identity providers use the user's email address to determine if an external IdP should be used to log the user in.

identityProvidersMap<String, List<Object>>

A map of the configured identity providers for the Application the user is logging into. The key into the map is the type of the identity provider (i.e. Facebook or OpenIDConnect). The value is a list of all of the configured identity providers for that type. + NOTE: This map does not contain any "domain-based" identity providers since those are handled differently using just the Email input field to start and then possibly redirecting the browser to the external IdP login page.

loginIdString

The value from the loginId form field. This is either the username or the email of the user attempting to log into FusionAuth.

metaDataMetaData

Metadata on when the JWT Refresh Token was created

nonceString

The OpenID Connect nonce request parameter.

passwordlessEnabledBoolean

A boolean that controls whether or not to to utilize a passwordless flow.

pendingIdpLinkObject

This is the unique value when creating a link between a unique UUID returned by the IdP and a new or existing FusionAuth user.

pendingIdpLink.displayNameString

A human readable name for this link to help you identify this link. This value will generally be an email address, or username.

pendingIdpLink.emailString

The email address of the FusionAuth user being linked to the identity provider.

pendingIdpLink.identityProviderLinksList<Object>

See the link:/docs/apis/identity-providers/links[Link API] for details on this object.

pendingIdpLink.identityProviderNameString

The name of the identity provider that is being linked to.

pendingIdpLink.identityProviderTypeString

The type of identity provider that is being linked to.

pendingIdpLink.identityProviderUserIdString

The Id for the User that is provided by the identity provider.

pendingIdpLink.linkLimitExceededBoolean

A boolean that indicates if a user has exceeded the maximum number of links allowed.

pendingIdpLink.userUser

The FusionAuth user that is linked to the identity provider.

pendingIdpLink.usernameString

The username of the FusionAuth user being linked to the identity provider.

redirect_uriString

The OAuth v2.0 redirect_uri parameter. This is the URI that FusionAuth will redirect the user to once they have successfully logged in.

rememberDeviceString

This value is used to record if ths user would like to have their device remembered on the next login.

response_typeString

The OAuth v2.0 response_type parameter.

scopeString

The OAuth v2.0 scope parameter.

showCaptchaBooleanAvailable since 1.30.0

A boolean that controls whether or not to include captcha scripts and show the captcha challenge (or message for invisible captcha).

showPasswordFieldBoolean

A boolean that controls whether the password field is shown if there are domain-based identity providers. If there are domain based identity providers and the user types in an email address that is not managed by the identity provider, FusionAuth will then re-render this template with this variable set to true. This will indicate that the password field should be shown so that the user can complete their login. If you need an example of this behavior, check out the login page at https://www.pivotaltracker.com/signin.

showWebAuthnReauthLinkBooleanAvailable since 1.41.0

A boolean that indicates if the WebAuthn re-authentication workflow is enabled for the current application, and there are re-authentication passkeys available on the current device.

stateString

The OAuth v2.0 state parameter.

timezoneString

The timezone that the user is in. This is normally guessed by the timezone JavaScript library (or something similar) and then stored in a hidden input field on the login form.

user_codeString

The user code provided by the user in the form, or if the user_code was provided on the URL using a request parameter such as ?user_code=123 this value will be provided in the template using this variable.

versionString

The version.

OAuth authorized not registered

Available since 1.28.0
/oauth2/authorized-not-registered

Variables

No template specific variables.

OAuth child registration not allowed

/oauth2/child-registration-not-allowed

Variables

parentEmailString

The parent’s email address provided in the input field of the form.

OAuth child registration not allowed complete

/oauth2/child-registration-not-allowed-complete

Variables

No template specific variables.

OAuth complete registration

/oauth2/complete-registration

Variables

No template specific variables.

OAuth device

Available since 1.11.0
/oauth2/device

Variables

devicePendingIdPLinkObject

The PendingIdpLink that is generated when using the device OAuth flow. This object provides information about the current state of the user and the identity provider prior to completing the link. This is available when linking or registering a device ( i.e. Playstation or XBox).

devicePendingIdPLink.displayNameString

A human readable name for this link to help you identify this link. This value will generally be an email address, or username.

devicePendingIdPLink.emailString

The email address of the FusionAuth user being linked to the identity provider.

devicePendingIdPLink.identityProviderLinksList<Object>

See the link:/docs/apis/identity-providers/links[Link API] for details on this object.

devicePendingIdPLink.identityProviderNameString

The name of the identity provider that is being linked to.

devicePendingIdPLink.identityProviderTypeString

The type of identity provider that is being linked to.

devicePendingIdPLink.identityProviderUserIdString

The Id for the User that is provided by the identity provider.

devicePendingIdPLink.linkLimitExceededBoolean

A boolean that indicates if a user has exceeded the maximum number of links allowed.

devicePendingIdPLink.userUser

The FusionAuth user that is linked to the identity provider.

devicePendingIdPLink.usernameString

The username of the FusionAuth user being linked to the identity provider.

interactive_user_codeString

The user code provided by the user in the form, or if the user_code was provided on the URL using a request parameter such as ?user_code=123 this value will be provided in the template using this variable.

userCodeLengthInteger

The length of the interactive user code. This value may be used to build the correct number of input fields for the interactive code.

OAuth device complete

Available since 1.12.0
/oauth2/device-complete

Variables

completedLinksList<PendingIdPLink>Available since 1.30.0

An optional parameter that may be present if the completion of this device request resulted in one or more Identity Provider links being established to this user. + This variable may be helpful if you wish to communicate to the user which links have been completed.

OAuth error

/oauth2/error

Variables

oauthJSONErrorString

The OAuth error JSON that could be helpful for developers while debugging.

OAuth logout

/oauth2/logout

Variables

allLogoutURLsSet<String>

A set of URLs associated with all of the applications in the tenant to log out the user.

redirectURLString

The URL to be redirected to after the front-channel logout occur.

registeredLogoutURLsSet<String>

A set of URLs associated with all of the applications the user is registered for to log out the user.

OAuth passwordless

/oauth2/passwordless

Variables

redirect_uriString

The OAuth v2.0 redirect_uri parameter. This is the URI that FusionAuth will redirect the user to once they have successfully logged in.

response_typeString

The OAuth v2.0 response_type parameter.

scopeString

The OAuth v2.0 scope parameter.

showCaptchaBooleanAvailable since 1.30.0

A boolean that controls whether or not to include captcha scripts and show the captcha challenge (or message for invisible captcha).

stateString

The OAuth v2.0 state parameter.

timezoneString

The timezone that the user is in. This is normally guessed by the timezone JavaScript library (or something similar) and then stored in a hidden input field on the login form.

OAuth register

/oauth2/register

Variables

collectBirthDateBoolean

Whether or not to collect a birth date for a Consent workflow.

hideBirthDateBoolean

Whether or not to render a hidden field for passing along the birthdate in the form.

parentEmailRequiredBoolean

Whether or not a parent's email address is required for a Consent Workflow.

passwordValidationRulesObject

An object that contains the password validation rules. The object fields are defined in keys to this object, as defined below.

passwordValidationRules.maxLengthInteger

The maximum length of a password.

passwordValidationRules.minLengthInteger

The minimum length of a password.

passwordValidationRules.rememberPreviousPasswords.countInteger

The number of previous passwords the user is not allowed to re-use.

passwordValidationRules.requireMixedCaseBoolean

Whether or not the user must use upper and lower-cased letter.

passwordValidationRules.requireNonAlphaBoolean

Whether or not the user must use at least one non-alphabetic character in their password.

passwordValidationRules.requireNumberBoolean

Whether or not the user must use at least one numeric character in their password.

showCaptchaBooleanAvailable since 1.30.0

A boolean that controls whether or not to include captcha scripts and show the captcha challenge (or message for invisible captcha).

Available since 1.28.0
/oauth2/start-idp-link

Variables

devicePendingIdPLinkObject

The PendingIdpLink that is generated when using the device OAuth flow. This object provides information about the current state of the user and the identity provider prior to completing the link. This is available when linking or registering a device ( i.e. Playstation or XBox).

devicePendingIdPLink.displayNameString

A human readable name for this link to help you identify this link. This value will generally be an email address, or username.

devicePendingIdPLink.emailString

The email address of the FusionAuth user being linked to the identity provider.

devicePendingIdPLink.identityProviderLinksList<Object>

See the link:/docs/apis/identity-providers/links[Link API] for details on this object.

devicePendingIdPLink.identityProviderNameString

The name of the identity provider that is being linked to.

devicePendingIdPLink.identityProviderTypeString

The type of identity provider that is being linked to.

devicePendingIdPLink.identityProviderUserIdString

The Id for the User that is provided by the identity provider.

devicePendingIdPLink.linkLimitExceededBoolean

A boolean that indicates if a user has exceeded the maximum number of links allowed.

devicePendingIdPLink.userUser

The FusionAuth user that is linked to the identity provider.

devicePendingIdPLink.usernameString

The username of the FusionAuth user being linked to the identity provider.

pendingIdpLinkObject

This is the unique value when creating a link between a unique UUID returned by the IdP and a new or existing FusionAuth user.

pendingIdpLink.displayNameString

A human readable name for this link to help you identify this link. This value will generally be an email address, or username.

pendingIdpLink.emailString

The email address of the FusionAuth user being linked to the identity provider.

pendingIdpLink.identityProviderLinksList<Object>

See the link:/docs/apis/identity-providers/links[Link API] for details on this object.

pendingIdpLink.identityProviderNameString

The name of the identity provider that is being linked to.

pendingIdpLink.identityProviderTypeString

The type of identity provider that is being linked to.

pendingIdpLink.identityProviderUserIdString

The Id for the User that is provided by the identity provider.

pendingIdpLink.linkLimitExceededBoolean

A boolean that indicates if a user has exceeded the maximum number of links allowed.

pendingIdpLink.userUser

The FusionAuth user that is linked to the identity provider.

pendingIdpLink.usernameString

The username of the FusionAuth user being linked to the identity provider.

registrationEnabledBoolean

A boolean that indicates if the application is configured for self registration.

OAuth two-factor

/oauth2/two-factor

Variables

codeString

The value of the code form field on the page. This will be available only after the user has submitted the form.

methodTwoFactorMethodAvailable since 1.26.0

The currently selected two-factor method. This may be helpful if you want to communicate to the end user their currently selected method. + For example, method.method will indicate the type of method, authenticator, email or sms. Based upon the method, the method.email or method.mobilePhone will indicate which transport is being used to send the user a code.

methodIdStringAvailable since 1.26.0

The method Id. This Id, if defined, will represent the currently selected method, or last used method.

pushEnabledBooleanDEPRECATED

Whether or not FusionAuth has pushed (SMS) enabled for two-factor.


Removed in 1.26.0
pushPreferredBooleanDEPRECATED

Whether or not the user prefers push (SMS) for two-factor.


Removed in 1.26.0
redirect_uriString

The OAuth v2.0 redirect_uri parameter. This is the URI that FusionAuth will redirect the user to once they have successfully logged in.

resendCodeBooleanDEPRECATED

Whether or not the user wants the code to be resent to their phone (valid for push two-factor).


Removed in 1.26.0
response_typeString

The OAuth v2.0 response_type parameter.

scopeString

The OAuth v2.0 scope parameter.

showResendOrSelectMethodBoolean

Whether or not to display a link to allow the user to select a different method or resend the code. This value will be true when more than one option exist for the user to select, or the available method is email or sms which will allow for a resend option.

stateString

The OAuth v2.0 state parameter.

timezoneString

The timezone that the user is in. This is normally guessed by the timezone JavaScript library (or something similar) and then stored in a hidden input field on the login form.

trustComputerBoolean

The value of the "Trust this computer" form field. This will be available only after the user has submitted the form. Otherwise, it defaults to false. When the user checks this box, a cookie is dropped so that two-factor authentication can be skipped on this computer.

twoFactorIdString

The unique Id of the current multi-factor authentication attempt.

userCanReceivePushBooleanDEPRECATED

Whether or not the user is capable of receiving push notifications for two-factor. This means that the user has a mobile phone number.


Removed in 1.26.0

OAuth two-factor enable

Available since 1.42.0
/oauth2/two-factor-enable

Variables

availableMethodsList<String>

The two-factor methods that are available to be configured.

codeString

Returned when twoFactorId is provided to complete Two Factor login.

emailString

The email address if the method value is email.

methodString

The two-factor method. The possible values are:

  • authenticator
  • email
  • sms
mobilePhoneString

The mobile phone if the method is sms.

secretString

A base64 encoded version of the secret that can be used to build a QR code when using the authenticator method.

secretBase32EncodedString

A base32 encoded version of the secret that can be used to build a QR code when using the authenticator method.

OAuth two-factor enable complete

Available since 1.42.0
/oauth2/two-factor-enable-complete

Variables

recoveryCodesList<String>

The recovery codes when a user configured multi-factor authentication for the first time. This will be available after a method has been successfully enabled and this template is rendered a second time. If you already have a method enabled, the recovery codes will not be displayed.

OAuth two-factor methods

Available since 1.26.0
/oauth2/two-factor-methods

Variables

availableMethodsMapMap<String, TwoFactorMethod>

A map of two-factor methods that the user has configured. The key into the map is the unique methodId. The value is the two-factor method.

methodIdString

The method Id. This Id, if defined, will represent the currently selected method, or last used method.

recoverCodesAvailableInteger

The total number of recovery codes that the user has available to use.

timezoneString

The timezone that the user is in. This is normally guessed by the timezone JavaScript library (or something similar) and then stored in a hidden input field on the login form.

twoFactorIdString

The unique Id of the current multi-factor authentication attempt.

OAuth wait

Available since 1.12.0
/oauth2/wait

Variables

codeString

The FusionAuth temporary code used to complete this external authentication request.

OAuth WebAuthn

Available since 1.41.0
/oauth2/webauthn

Variables

showCaptchaBoolean

A boolean that controls whether or not to include captcha scripts and show the captcha challenge (or message for invisible captcha).

OAuth WebAuthn Reauth

Available since 1.41.0
/oauth2/webauthn-reauth

Variables

webAuthnCredentialsList<Object>

A list of the WebAuthn passkeys available to complete re-authentication on the current device. See the link:/docs/apis/webauthn[WebAuthn API] for details on this object.

OAuth WebAuthn Reauth Enable

Available since 1.41.0
/oauth2/webauthn-reauth-enable

Variables

webAuthnCredentialsList<Object>

A list of the current user's registered WebAuthn passkeys that may be suitable for use in the re-authentication workflow. See the link:/docs/apis/webauthn[WebAuthn API] for details on this object.

OAuth Change password form

/password/change

Variables

changePasswordIdString

The id that was sent to the user (usually via email) that allows them to change their password. Normally, this id is included in the email template for the forgot password workflow and when the user clicks the link in the email, they are taken to this page with this parameter on the URL.

passwordValidationRulesObject

An object that contains the password validation rules. The object fields are defined in keys to this object, as defined below.

passwordValidationRules.maxLengthInteger

The maximum length of a password.

passwordValidationRules.minLengthInteger

The minimum length of a password.

passwordValidationRules.rememberPreviousPasswords.countInteger

The number of previous passwords the user is not allowed to re-use.

passwordValidationRules.requireMixedCaseBoolean

Whether or not the user must use upper and lower-cased letter.

passwordValidationRules.requireNonAlphaBoolean

Whether or not the user must use at least one non-alphabetic character in their password.

passwordValidationRules.requireNumberBoolean

Whether or not the user must use at least one numeric character in their password.

showCaptchaBooleanAvailable since 1.30.0

A boolean that controls whether or not to include captcha scripts and show the captcha challenge (or message for invisible captcha).

OAuth password complete

/password/complete

Variables

No template specific variables.

Forgot password

/password/forgot

Variables

showCaptchaBooleanAvailable since 1.30.0

A boolean that controls whether or not to include captcha scripts and show the captcha challenge (or message for invisible captcha).

Forgot password sent

/password/sent

Variables

emailStringAvailable since 1.48.0

The email address that requested to receive a change password request.

Verify registration complete

/registration/complete

Variables

No template specific variables.

Verify registration re-sent

/registration/sent

Variables

applicationIdUUID

The Id of the application that the user is verifying their email for and needs the email to be resent.

emailString

The email address that requested to receive a new registration verification request.

Verify registration required

Available since 1.27.0
/registration/verification-required

Variables

collectVerificationCodeBoolean

When true, a form input is displayed to allow a user to enter the verification code. This occurs when Verification strategy is set to FormField under registration verification settings on the Application.

showCaptchaBooleanAvailable since 1.30.0

A boolean that controls whether or not to include captcha scripts and show the captcha challenge (or message for invisible captcha).

verificationIdString

The verification Id that was included on as a URL parameter. This is the high entropy value that will be paired with the low entropy one time code to complete email verification.

Verify registration

/registration/verify

Variables

showCaptchaBooleanAvailable since 1.30.0

A boolean that controls whether or not to include captcha scripts and show the captcha challenge (or message for invisible captcha).

verificationIdString

The verification id that was included on as a URL parameter but was invalid. This page does a redirect if the verificationId is valid.

SAML logout

Available since 1.25.0
/samlv2/logout

Variables

allLogoutURLsSet<String>

A set of URLs associated with all of the applications in the tenant to log out the user.

registeredLogoutURLsSet<String>

A set of URLs associated with all of the applications the user is registered for to log out the user.

Unauthorized

Available since 1.30.0
/unauthorized

Variables

causeString

A string that defines why the user has been redirected to this page.

incidentIdString

A string that defines the Id of each security incident generated by the Advanced Threat Detection suite.