Hi retool team, we’re on the Business plan. We’re seeing login and password reset issues affecting multiple external users. We’re unable to reproduce the issue, which is making this difficult to debug. The domain we are using is https://platform.getrevdup.com/
What’s happening:
Users cannot log in with the email and password combination they originally signed up with.
Password reset emails are not received.
When requesting a new reset link, they see: “An invalid login link was provided. Please request a new link.”
If they manually copy the reset link from the email into an incognito or normal browser window, nothing happens.
In some cases, where we provided users with the link from “Copy reset password link” as an admin from settings → users, the reset page froze for them after submitting a new password.
We created separate test accounts (same access level as affected users), and everything works correctly. However, this has happened to multiple external users, so it’s not an isolated case. One strange behavior we noticed while testing is that even though we’re using a custom domain, when users use passwordless login (email link), the link redirects to:
@jrdata No, we’re using the default Retool-managed login, password reset, and email reset pages. The only change we’ve made is verifying our domain; everything else remains set to default.
In the Branding settings, the password reset email appears to correctly reference platform.getrevdup.com. However, when a user actually requests a reset link, the email they receive directs them to revdup.retool.com instead.
I’ve attached a screenshot of the Branding page configuration, as well as a copy of the actual passwordless login email received (for a user where the flow is working), for reference.
Hi there! I'm so sorry - I promised you an answer earlier. I have been digging through our logs, and unfortunately, I don't see any errors. It's strange - on our side, I see the same logs for the impacted users vs when you go through the process
I would love to know if there are console errors, but totally understand if you can't ask your external users that.
I will let you know when I hear back from our engineering team if they have any ideas
Thanks @Tess, any further insights would be appreciated from the engineering team. In the meanwhile, I can ask the affected users to share more details if helpful (e.g. their location, weather or not they are using a VPN, their browser version, network type, a screen recording of the issue etc.). Just let me know what kind of insights would be most useful for you guys to debug this issue.
Also, do you think it would helpful as a temporary workaround to ask affected users to try logging in via Google SSO while we investigate the Retool-managed login/password reset flow? My assumption is that building a custom login page would likely lead to the same outcome since it triggers the same underlying auth events as the Retool workflow, but I can ask users to use Google SSO to maybe bypass whatever is failing for this subset of users.
Additionally, were you able to determine why the passwordless Login link is pointing to the Retool domain rather than our custom-branded domain (this happens for all users)?
I still haven't tracked down a bug for the blank page/un-ability to reset, but checking in here.
I have confirmed the passwordless login link issue is a bug, unfortunately. I don't have an eta for a fix, but I will follow up here when the fix ships.
I checked the codebase for the “An invalid login link was provided. Please request a new link.” error, and it indicates they are using an expired token. It looks like they are trying to use the link shortly after it is generated, but maybe they've requested it too many times
Yes, I think it's worth trying Google SSO if it isn't too much of a lift. That could help narrow down the scope of the is
One of the user emails that you shared in office hours had a password reset link emailed to them on 2/17/26, but it was flagged as spam. Can we have any users not receiving emails make sure they are allowing emails from no-reply@email.retool.com
Hey @Shirjeel_Ahmed1 – I’m an engineer on the Retool team who’s been taking a look into this as well. I’ve landed a fix for the custom domain + passwordless login bug that should go out tomorrow.
Will continue taking a look at the login/reset issues
