Commit 2d11c57

nick-gagliardi authored and lrzhou25 committed
docs: document redirect to custom domain requirement (#1407)
* docs: document redirect to custom domain requirement
* fix(email-templates): correct Redirect To restriction to plan-tier gate

Earlier callouts asserted the resultUrl restriction was a verified custom domain requirement and that the 403 wording was misleading. After review of the merged remediation PR (atko-cic/api2#12586), the actual gate is non-enterprise subscription type AND tenant created on or after 2026-05-05. Custom domain is no longer part of the check.

- Customize Email Templates: rewrite callout to describe the plan-tier + creation-date gate; remove incorrect custom-domain guidance; replace remediation with 'contact account team'.
- Supported Liquid Syntax: update cross-link callout wording to match.

Refs: SF #02933989, psirt-incident-182, atko-cic/api2#12586
1 parent 4e29376 commit 2d11c57

2 files changed

Lines changed: 20 additions & 0 deletions

main/docs/customize/email/email-templates/customize-email-templates.mdx

Lines changed: 14 additions & 0 deletions
@@ -53,6 +53,20 @@ Email templates that include a link (**Verification Email (Link)**, **Change Pas
5353

5454
* The **Redirect To** field sets a URL where a user is redirected after completing the action at an included link.
5555

56+
<Callout icon="file-lines" color="#0EA5E9" iconType="regular">
57+
58+
Tenants created on or after **May 5, 2026** with a non-enterprise subscription cannot customize the **Redirect To** field (`resultUrl` in the Management API). Tenants created before this date are exempt regardless of subscription type. This restriction was added to mitigate an open-redirect abuse vector.
59+
60+
Attempting to set `resultUrl` on an affected tenant returns:
61+
62+
```text
63+
403 — Customizations for resultUrl are not allowed for non-enterprise tenants
64+
```
65+
66+
To customize the **Redirect To** field on a non-enterprise tenant created on or after May 5, 2026, contact your Auth0 account team about upgrading your subscription.
67+
68+
</Callout>
69+
5670
<Callout icon="file-lines" color="#0EA5E9" iconType="regular">
5771
Universal Login currently ignores the value of the **Redirect To** field in the **Password Reset** template and instead redirects to the [default login route](/docs/authenticate/login/auth0-universal-login/configure-default-login-routes) or an [error page](/docs/authenticate/login/auth0-universal-login/error-pages).
5872
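Review bot: The new callout (added lines 58 to 66) says affected tenants cannot customize **Redirect To** and shows the 403, but it does not say where a user lands after completing the link action when no custom value can be set, nor whether the Dashboard field is blocked in the same way as `resultUrl` in the Management API. Add one sentence stating the resulting redirect behaviour and one naming the surfaces the gate applies to. The cutoff "May 5, 2026" also carries no time zone, which matters for tenants created on that day; state the zone the check is evaluated in.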

main/docs/customize/email/email-templates/supported-liquid-syntax.mdx

Lines changed: 6 additions & 0 deletions
@@ -133,6 +133,12 @@ To use custom domains in emails, ensure you have:
133133

134134
In email templates with a **Redirect To** URL field, only the following three variables are supported:
135135

136+
<Callout icon="file-lines" color="#0EA5E9" iconType="regular">
137+
138+
Custom **Redirect To** values are not available on non-enterprise tenants created on or after May 5, 2026. See [URL Lifetime and Redirect to](/docs/customize/email/email-templates/customize-email-templates#url-lifetime-and-redirect-to).
139+
140+
</Callout>
141+
136142
* `application.name` (or its synonym `client.name`)
137143
* `application.clientID`
138144
* `application.callback_domain` (or its synonym `client.callback_domain`), which contains the origin of the first URL listed in the application's **Allowed Callback URL** list. This is an origin and therefore includes the protocol (like `https://`) in addition to the domain.
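Review bot: The callout at added lines 136 to 141 is inserted between the sentence ending "only the following three variables are supported:" and the bullet list that sentence introduces, so the colon now leads into the callout rather than into the variables. Move the callout above that sentence or below the list so the lead-in and its list stay adjacent.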
