when i clicked on don’t remmeber my password it will ask me for email to reset password but there is no way to check when i enter an email that this email exists in database or not.
as in current scenario it will send link to any email i am inserting without checking there that it is valid email or not.
so i want to build this functionality when inserting email in forgot password textbox
Welcome to the Auth0 Community!
I understand you have some questions about the password reset flow, specifically with being able to submit any email address.
Unfortunately, this is designed on purpose to prevent malicious actors from determining whether users have an existing email address. With this information, they can find either lock them out of their account by repeatedly submitting wrong email and password combinations or directly breaching the user’s account.
For now, the only option is to modify the success message when a user successfully performs the password reset flow.
To do so, you’ll need to go to your Universal Login Custom Page and include the following to your code:
var lock = new Auth0Lock(config.clientID, config.auth0Domain, {
languageDictionary: {
success: {
forgotPassword: "We've just sent you an email to reset your password."
}
// redacted for brevity
}
After doing so, you can set your custom success password reset message.
Finally, you may find our Language Dictionary Object and https://auth0.com/docs/libraries/lock/lock-configuration documentation helpful.
Please let me know if there’s anything I can do to help.
Thank you.
This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.