Auth0 Home Blog Docs

Auth0 Management API password-change not sending email

password-reset
password
change-password

#1

I am trying to set up an invite-only application based on the following auth0 tutorial: https://auth0.com/docs/design/creating-invite-only-applications#summary. The email verification endpoint worked as expected however the password reset endpoint is not sending an email. I have set up my own email client, the Auth0 Lock password reset is working and I received a 404 Not Found response when I attempted to implement this fix Issue with password reset mail not being sent. Could you please help, thank you.


Auth0 password and/or email silently changed
#2

There is apparently an outage that has yet to be resolved. Unfortunately the incident reporting page is also broken so we don’t know what the current state is:

https://status.auth0.com/incidents/d0fhf3hb94d0


#4

This is different from the outage that @markd mentions as that ended up being user error.

Can you send us sample code showing what you’re doing (minus any sensitive info) and we can help you troubleshoot?


#5

No problem, thanks for the reply.
I’m issuing all my requests via Postman, the curl equivalent for my password change request is as follows:

Request:

curl -X POST \
  https://MY_AUTH0_DOMAIN/api/v2/tickets/password-change \
  -H 'Authorization: Bearer  <token>' \
  -H 'Cache-Control: no-cache' \
  -H 'Content-Type: application/json' \
  -d '{ "result_url": "AppURLCallback", "user_id": "USER_ID", "ttl_sec": 0 }

The token was got from the API explorer section of Auth0 Management API.

Response:

{
    "ticket": "<Reset Password URL>"
}

For the disabled template fix my request was:

Request:

curl -X PUT \
  https://MY_AUTH0_DOMAIN/api/emails/reset_email \
  -H 'Authorization: Bearer <token from /oauth/token>' \
  -H 'Cache-Control: no-cache' \
  -H 'Content-Type: application/json' \
  -d '{"disabled":false}

Response:
Not Found

Auth0 Logs report “Success Change Password Request” after each POST attempt but no email is received.

Thanks for the help


#7

Is there any update on this issue? In addition to not receiving the email, using the ticket in the response body does not trigger the “Verify user email with password reset” rule


#8

You need to send a

verify_email: true

in order for it to send the verification email. It’s sorta identified in https://auth0.com/docs/api/management/v2#!/Users/patch_users_by_id but we’re working on updating that documentation


#9

Thanks for the reply Jeremy, I may be misunderstanding you but I don’t require a verification email to be sent, the issue is that using the url in the password change response:

https://My_Domain.auth0.com/lo/reset?ticket=[ticket]

Does not trigger my “Verify user email with password reset” rule which is unchanged from the default rule supplied by auth0. I am not using the verify email endpoint anymore as, for my set up, it makes more sense to reset the password and verify email in one go, as all user sign-ups are done within our company.