fix: pass sessionID to OTP email link (#8745)

# Which Problems Are Solved OTP Email links currently could not use / include the sessionID they belong to. This prevents an easy use for redirecting and handling OTP via email through the session API. # How the Problems Are Solved Added the sessionID as placeholder for the OTP Email link template. # Additional Changes List all available placeholders in the url_templates of V2 endpoints. # Additional Context - discussed in a customer meeting
2025-08-12 07:57:32 +00:00 · 2024-10-10 15:53:32 +02:00
parent 222915ca3d
commit 16171ce3b9
8 changed files with 23 additions and 7 deletions
--- a/proto/zitadel/session/v2/challenge.proto
+++ b/proto/zitadel/session/v2/challenge.proto
@@ -42,13 +42,16 @@ message RequestChallenges {
  }
  message OTPEmail {
    message SendCode {
+      // Optionally set a url_template, which will be used in the mail sent by ZITADEL to guide the user to your verification page.
+      // If no template is set, the default ZITADEL url will be used.
+      //
+      // The following placeholders can be used: Code, UserID, LoginName, DisplayName, PreferredLanguage, SessionID
      optional string url_template = 1 [
        (validate.rules).string = {min_len: 1, max_len: 200},
        (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
          min_length: 1;
          max_length: 200;
          example: "\"https://example.com/otp/verify?userID={{.UserID}}&code={{.Code}}\"";
-          description: "\"Optionally set a url_template, which will be used in the mail sent by ZITADEL to guide the user to your verification page. If no template is set, the default ZITADEL url will be used.\""
        }
      ];
    }
--- a/proto/zitadel/user/v2/auth.proto
+++ b/proto/zitadel/user/v2/auth.proto
@@ -15,13 +15,16 @@ enum PasskeyAuthenticator {
 }

 message SendPasskeyRegistrationLink {
+  // Optionally set a url_template, which will be used in the mail sent by ZITADEL to guide the user to your passkey registration page.
+  // If no template is set, the default ZITADEL url will be used.
+  //
+  // The following placeholders can be used: UserID, OrgID, CodeID, Code
  optional string url_template = 1 [
    (validate.rules).string = {min_len: 1, max_len: 200},
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      min_length: 1;
      max_length: 200;
      example: "\"https://example.com/passkey/register?userID={{.UserID}}&orgID={{.OrgID}}&codeID={{.CodeID}}&code={{.Code}}\"";
-      description: "\"Optionally set a url_template, which will be used in the mail sent by ZITADEL to guide the user to your passkey registration page. If no template is set, the default ZITADEL url will be used.\""
    }
  ];
 }
--- a/proto/zitadel/user/v2/email.proto
+++ b/proto/zitadel/user/v2/email.proto
@@ -39,13 +39,16 @@ message HumanEmail {
 }

 message SendEmailVerificationCode {
+  // Optionally set a url_template, which will be used in the verification mail sent by ZITADEL to guide the user to your verification page.
+  // If no template is set, the default ZITADEL url will be used.
+  //
+  // The following placeholders can be used: UserID, OrgID, Code
  optional string url_template = 1 [
    (validate.rules).string = {min_len: 1, max_len: 200},
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      min_length: 1;
      max_length: 200;
      example: "\"https://example.com/email/verify?userID={{.UserID}}&code={{.Code}}&orgID={{.OrgID}}\"";
-      description: "\"Optionally set a url_template, which will be used in the verification mail sent by ZITADEL to guide the user to your verification page. If no template is set, the default ZITADEL url will be used.\""
    }
  ];
 }
--- a/proto/zitadel/user/v2/password.proto
+++ b/proto/zitadel/user/v2/password.proto
@@ -37,13 +37,16 @@ message HashedPassword {

 message SendPasswordResetLink {
  NotificationType notification_type = 1;
+  // Optionally set a url_template, which will be used in the password reset mail sent by ZITADEL to guide the user to your password change page.
+  // If no template is set, the default ZITADEL url will be used.
+  //
+  // The following placeholders can be used: UserID, OrgID, Code
  optional string url_template = 2 [
    (validate.rules).string = {min_len: 1, max_len: 200},
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      min_length: 1;
      max_length: 200;
      example: "\"https://example.com/password/changey?userID={{.UserID}}&code={{.Code}}&orgID={{.OrgID}}\"";
-      description: "\"Optionally set a url_template, which will be used in the password reset mail sent by ZITADEL to guide the user to your password change page. If no template is set, the default ZITADEL url will be used.\""
    }
  ];
 }
--- a/proto/zitadel/user/v2/user.proto
+++ b/proto/zitadel/user/v2/user.proto
@@ -286,6 +286,8 @@ enum AuthFactorState {
 message SendInviteCode {
  // Optionally set a url_template, which will be used in the invite mail sent by ZITADEL to guide the user to your invitation page.
  // If no template is set, the default ZITADEL url will be used.
+  //
+  // The following placeholders can be used: UserID, OrgID, Code
  optional string url_template = 1 [
    (validate.rules).string = {min_len: 1, max_len: 200},
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {