Auth0 Home Blog Docs

Ability to generate password reset URL?



This is quite similar to other password reset questions but a bit more specific.

We have an invite-only SPA, and I have checked out the invite-only workflow ( I understand that there would be a redirect to our own change password page for the user to ‘set’ their password.

What I am wondering is if there are any plans to expose the ability (via the Management API) to create a password change URL to which we can redirect. This would show the Auth0 change password dialog (/lo/reset?ticket=< ticket# >). I don’t believe this breaks the Change Password security flow since the redirect is created by our server on first time login.

The benefit, in addition to UI consistency (since this dialog comes from Hosted Page for Password Reset), is that we do not have to do custom handling of the password complexity rules.

Note that I looked at the Auth0ChangePassword widget source but it seems it really is quite dependent on the reset URL parameters. There is no API documentation on this widget so its a bit difficult to figure out if it can be reused by our own custom change password page - say by intercepting the submit to send back to our server to update the password via the Management API?

Or am I misunderstanding things as a Auth0 newbie?


I think I may have answered my own question, being the use of tickets in the ManagementAPI (after a bit of sniffing around) - I don’t see this mentioned anywhere else.

Specifically, the!/Tickets/post_password_change ticket which will result in a change password ticket URL, with optional callback redirect.

One question is how to get the connection_id to be specific for a database connection, but I see the con_XXX in the connection’s URL in the dashboard, which is a bit mysterious.


The connection_id is a parameter that can be specified in the request, if you are triggering a password reset for an email rather than user_id. If you use user_id, no connection_id is required, as this will be determined from the user’s profile.