Redirect Actions for Partners
When a user is logging in or signing up, a Redirect Action lets you redirect them to an external page (such as a consent form) and then back to Auth0 to complete their login or signup. You can redirect users to an external application that prompts them to:
Take an action, like ID proofing
Provide information, like progressive profiling
Agree to something, like consent or terms of service
A Redirect Action proceeds as follows:
The Customer Application redirects the user to Auth0 to log in.
If the login is successful, all Actions in the Post Login trigger execute (this happens before MFA, if it is active).
If an Action triggers a redirect, the user is sent to the designated URL along with a state parameter. This URL must be hosted by your service or the customer.
The user is redirected or POSTed back to Auth0 at a specific path on their domain, along with the original state value, and the Action runs any code that exists in
The user is sent back to the application with their identity or, if something failed, an error message.
Once you’re ready to tie your service into the process, there are important elements to consider:
How do you determine when to redirect out of Auth0?
Flag in the user’s app_metadata?
Based on a particular metadata field on the Client?
How do you handle existing user profile data that should be verified? (This data could be user-provided or from a federated identity source, such as Google, Facebook, or Azure AD.)
What data do you need from Auth0 in your service and how do you get it there securely?
How do you persist the state value from Auth0 in your service?
How do you get and persist the /continue URL to which you want to POST/redirect?
What do you send back to Auth0 and how do you accomplish this securely?
How do you indicate that ID proofing is complete and pass status?
Be mindful of rate limits and update only when necessary
How do you send information back to the requesting application using custom token claims?
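One way a partner service could answer the state, /continue URL and "send back securely" questions above, shown as an added example that is not Auth0's or any partner's own code. It assumes Auth0 passes an HS256-signed token in a session_token query parameter whose iss claim is the customer's Auth0 domain, that the secret is shared out of band, and that an in-memory Map stands in for your session store; the function names, the id_proofed claim and the cfg fields are hypothetical.

```javascript
// Added example: partner-side handling of a Redirect Action round trip (assumptions in comments).
const { createHmac, timingSafeEqual } = require('node:crypto');

const b64u = (v) => Buffer.from(v).toString('base64url');
const hmac = (data, secret) => createHmac('sha256', secret).update(data).digest();

// Sign a compact HS256 JWT.
function signToken(payload, secret) {
  const body = `${b64u(JSON.stringify({ alg: 'HS256', typ: 'JWT' }))}.${b64u(JSON.stringify(payload))}`;
  return `${body}.${hmac(body, secret).toString('base64url')}`;
}

// Verify algorithm, signature and expiry; return the claims or throw.
function verifyToken(token, secret, now = Math.floor(Date.now() / 1000)) {
  const parts = String(token).split('.');
  if (parts.length !== 3) throw new Error('malformed token');
  const [h, p, s] = parts;
  if (JSON.parse(Buffer.from(h, 'base64url').toString()).alg !== 'HS256') throw new Error('unexpected alg');
  const expected = hmac(`${h}.${p}`, secret);
  const given = Buffer.from(s, 'base64url');
  if (given.length !== expected.length || !timingSafeEqual(given, expected)) throw new Error('bad signature');
  const claims = JSON.parse(Buffer.from(p, 'base64url').toString());
  if (typeof claims.exp !== 'number' || claims.exp <= now) throw new Error('expired');
  return claims;
}

// Inbound: the user arrives from Auth0 with ?state=...&session_token=... (parameter name assumed).
// State and the /continue URL are kept server-side, keyed by the partner's own session id.
function handleInbound(query, cfg, store, sessionId, now) {
  const claims = verifyToken(query.session_token, cfg.secret, now);
  if (!cfg.tenants.includes(claims.iss)) throw new Error('unknown tenant'); // allow-list, no open redirect
  if (!query.state) throw new Error('missing state');
  store.set(sessionId, { state: query.state, sub: claims.sub, continueUrl: `https://${claims.iss}/continue` });
}

// Outbound: after the external step, build the URL that returns the user to Auth0.
function buildReturnUrl(store, sessionId, cfg, result, now = Math.floor(Date.now() / 1000)) {
  const pending = store.get(sessionId);
  if (!pending) throw new Error('no pending redirect for this session');
  store.delete(sessionId); // each state value is returned once
  const token = signToken({ sub: pending.sub, state: pending.state, iat: now, exp: now + 60, id_proofed: result }, cfg.secret);
  const url = new URL(pending.continueUrl);
  url.searchParams.set('state', pending.state);
  url.searchParams.set('session_token', token);
  return url.toString();
}
```

The returned token carries the original state and a short expiry, so the result cannot be replayed against a different login transaction or reused later.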