Appending Extra Parameters To Password Reset URL

I recently came up with a work-around, and I just want to know if it is okay to do this or not.

I’ll start off by explaining the process from start to finish:

My users have a “user.user_metadata” that contains their language preference, called “locale_code”.

I use Lock to perform both Logins and Password Reset requests.

When the user requests for a password reset, they trigger Auth0’s hosted Email Template for “Change Password”.

Inside the “Change Password” email template, it contains a “{{ url }}” variable.

When the user gets the email and clicks on the “{{ url }}” that got generated, they are taken to Auth0’s “Password Reset” page.

On that “Password Reset” page, I need to know the user’s Language Preference.

At the moment, the “Change Password” email template has access to the user’s meta_data, but the “Password Reset” page does not have access to the user’s meta_data.

I noticed that I can append the user’s meta_data in the “Change Password” email template by doing the following:

“{{ url }}&locale_code={{ user.user_metadata.locale_code }}”

This way, once at the “Password Reset” page, I can use JavaScript to extract the URL Parameter “locale_code”, and thus be able to set the Dictionary appropriately.

Is it okay to append my own extra parameters to the Password Reset URL this way?

1 Like