Action Required: Password reset and email verification links removed from tenant logs

Hello everyone! We are committed to ensuring the security and privacy of your data. With this in mind, we are making changes to enhance the security of our platform. Password Reset and Email Verification links will be removed from tenant logs as of February 5, 2024.

What is changing?

We are deprecating the functionality that logs plaintext Password Reset and Email Verification links within tenant logs. These links are created upon the creation of a Password Reset and Email Verification ticket using the Management API endpoints (api/v2/tickets/password-change or /api/v2/tickets/email-verification).

Password Reset and Email Verification links will be removed from tenant logs as of February 5, 2024.

Why are we making this change?

As mentioned above, our primary goal is to ensure the highest level of security and privacy for our users. Removing the plaintext Password Reset and Email Verification links from the logs is a step towards reducing potential misuse and enhancing overall system security.

What action do you need to take?

No action is required from customers regarding this change. However, if you have been using the Password Reset and Email Verification links from the logs, you should now retrieve them from the response of the Password Reset or Email Verification request.

Additional assistance

Feel free to comment down below if you have any questions.

Please can you clarify by using the links from the logs? it is not very clear for me

1 Like

can you please clear me about tenant logs

2 Likes

Hi Rueben,
we can retrieve them from the response of the Password Reset or Email Verification request.
Not able to get it, as we are using AWS SES for retrieving tracking from tenant logs. SO could you please elaborate how we can use it with AWS SES now after the changes. it would really be helpful in configuring as per new changes from Auth0

1 Like

@rueben.tiow Can you help us with this question? The documentation does not show that POST /api/v2/tickets/password-change will be deprecated.