Controls whether Auth0 redirects users to the application's callback URL on authentication errors or in email verification flows. open_redirect_protection shows an error page instead of redirecting, and hides the callback domain from email templates. allow_always enables standard redirect behavior. Defaults to open_redirect_protection for third-party clients. Only applies when is_first_party is false and third_party_security_mode is strict. To learn more, read Redirect protection.
Controls whether Auth0 redirects users to the application's callback URL on authentication errors or in email verification flows.
open_redirect_protectionshows an error page instead of redirecting, and hides the callback domain from email templates.allow_alwaysenables standard redirect behavior. Defaults toopen_redirect_protectionfor third-party clients. Only applies whenis_first_partyisfalseandthird_party_security_modeisstrict. To learn more, read Redirect protection.