This is quite similar to other password reset questions but a bit more specific.
We have an invite-only SPA, and I have checked out the invite-only workflow (Send Email Invitations for Application Signup). I understand that there would be a redirect to our own change password page for the user to ‘set’ their password.
What I am wondering is if there are any plans to expose the ability (via the Management API) to create a password change URL to which we can redirect. This would show the Auth0 change password dialog (/lo/reset?ticket=< ticket# >
). I don’t believe this breaks the Change Password security flow since the redirect is created by our server on first time login.
The benefit, in addition to UI consistency (since this dialog comes from Hosted Page for Password Reset), is that we do not have to do custom handling of the password complexity rules.
Note that I looked at the Auth0ChangePassword widget source but it seems it really is quite dependent on the reset URL parameters. There is no API documentation on this widget so its a bit difficult to figure out if it can be reused by our own custom change password page - say by intercepting the submit to send back to our server to update the password via the Management API?
Or am I misunderstanding things as a Auth0 newbie?