Using OAuth Web Authentication in a community does not perform redirect when using UserManagement.init and verify password methods

Apex, Authentication, Communities

Last updated 2020-03-04 · Reference W-7001138 · Reported By 3 users

Scheduled - Summer '20

Using a custom Lightning component verify page in a community, and utilizing the methods

UserManagement.initPasswordlessLogin(userId, method)

UserManagement.verifyPasswordlessLogin(userId, method, identifier, code, startUrl)

in an OAuth Web Authentication Flow results in a successful login; however, a redirect does not occur when trying to utilize

The user is logged in; however, redirection to the initial redirect URL does not occur.

UserManagement Class

OAuth 2.0 Web Server Authentication Flow

1) Create an Apex class similar to the one below

global without sharing class TestingLoginController {

    // Verifies the emailed code and attempts the redirect to startUrl.
    @AuraEnabled
    public static String finishLoginOtp(String username, String tId, String code, String startUrl) {
        if (code != null && tId != null) {
            List<User> users = [SELECT Id, Username, IsActive FROM User WHERE Username = :username AND IsActive = true];
            if (!users.isEmpty()) {
                Auth.VerificationResult r = UserManagement.verifyPasswordlessLogin(users[0].Id, Auth.VerificationMethod.EMAIL, tId, code, startUrl);
                aura.redirect(r.redirect);
                return r.redirect.getUrl();
            }
        }
        return null;
    }

    // Starts the email verification and returns the identifier passed to finishLoginOtp as tId.
    @AuraEnabled
    public static String initLoginOtp(String username) {
        String startUrl = '';
        List<User> users = [SELECT Id, Username, IsActive FROM User WHERE Username = :username AND IsActive = true];
        if (!users.isEmpty()) {
            return UserManagement.initPasswordlessLogin(users[0].Id, Auth.VerificationMethod.EMAIL);
        }
        return null;
    }
}
2) Create a Lightning component similar to the one below

<aura:component controller="TestingLoginController" implements="forceCommunity:availableForAllPageTypes">
    <aura:attribute name="code" type="String" access="private" required="false"/>
    <aura:attribute name="tId" type="String" access="private" required="false"/>
    <aura:attribute name="startUrl" type="String" required="false" description="The url you go to after a successful login" />

    <aura:dependency resource="siteforce:registerQueryEventMap" type="EVENT"/>

    <lightning:input value="" aura:id="username" placeholder="username"/>
    <lightning:input value="" aura:id="code" placeholder="code"/>
    <lightning:button label="init otp"
        onclick="{!c.initOtp}" class="sfdc_button"/>
    <lightning:button label="finish otp"
        onclick="{!c.finishOtp}" class="sfdc_button"/>
</aura:component>


// Client-side controller for the component above
({
    initOtp : function(component, event, helper) {
        var username = component.find("username").get("v.value");
        var action = component.get("c.initLoginOtp");
        action.setParams({username: username});

        action.setCallback(this, function(a){
            // Keep the identifier returned by initPasswordlessLogin for the verify step
            component.set('v.tId', a.getReturnValue());
            console.log('init done');
        });
        $A.enqueueAction(action);
    },

    finishOtp : function(component, event, helper) {
        console.log('finish start');
        var username = component.find("username").get("v.value");
        var code = component.find("code").get("v.value");
        // helper.getUrlParameter is not shown in the original report
        var startUrl = helper.getUrlParameter('startURL');
        startUrl = decodeURIComponent(startUrl);
        var action = component.get("c.finishLoginOtp");
        var tId = component.get("v.tId");

        action.setParams({username: username, tId: tId, code: code, startUrl: startUrl});
        action.setCallback(this, function(a){
            // Callback body is not included in the original report
        });
        $A.enqueueAction(action);
    }
})

3) Create a connected app
- Ensure community user profiles have access to it and are able to self-authorize.

4) Update the community administration section
> Login & Registration
Login Page Type > login

5) Update the Login page in Community Builder to use the custom component defined above.

6) Perform login via the community URL, e.g. https://testingCommunity[ConnectedAppConsumerKey]&redirect_uri=[ConnectedAppRedirectURL]

There is no current workaround if you want to use

UserManagement.initPasswordlessLogin(userId, method)

UserManagement.verifyPasswordlessLogin(userId, method, identifier, code, startUrl)

However, an alternative could be to consider
Site.passwordlessLogin(userId, methods, startUrl)
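
A sketch of a controller method built on the Site.passwordlessLogin alternative named above. This is an added example, not code from the original report or from Salesforce: the class name, method names and the relative-path policy for startUrl are assumptions.

```apex
// Added example. PasswordlessAltController, startPasswordlessLogin and
// isRelativePath are hypothetical names, not part of the original report.
global without sharing class PasswordlessAltController {

    // Assumed policy: accept only site-relative paths for startUrl, so the
    // post-login redirect cannot be pointed at another host.
    private static Boolean isRelativePath(String url) {
        return String.isNotBlank(url)
            && url.startsWith('/')
            && !url.startsWith('//')
            && !url.contains('\\');
    }

    @AuraEnabled
    public static String startPasswordlessLogin(String username, String startUrl) {
        List<User> users = [SELECT Id FROM User
                            WHERE Username = :username AND IsActive = true
                            LIMIT 1];
        if (users.isEmpty()) {
            // Unknown or inactive user: nothing to verify
            return null;
        }

        // Fall back to the site root when startUrl is missing or not relative
        String target = isRelativePath(startUrl) ? startUrl : '/';

        List<Auth.VerificationMethod> methods =
            new List<Auth.VerificationMethod>{ Auth.VerificationMethod.EMAIL };

        // Site.passwordlessLogin returns the PageReference for the
        // verification step; startUrl is carried through by the platform.
        PageReference pr = Site.passwordlessLogin(users[0].Id, methods, target);
        return pr == null ? null : pr.getUrl();
    }
}
```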

Is it Fixed?

