Auth0 Home Blog Docs

Auth0 Management API password-change not sending email

password-reset
password
change-password

#1

I am trying to set up an invite-only application based on the following auth0 tutorial: https://auth0.com/docs/design/creating-invite-only-applications#summary. The email verification endpoint worked as expected however the password reset endpoint is not sending an email. I have set up my own email client, the Auth0 Lock password reset is working and I received a 404 Not Found response when I attempted to implement this fix Issue with password reset mail not being sent. Could you please help, thank you.


Auth0 password and/or email silently changed
#2

There is apparently an outage that has yet to be resolved. Unfortunately the incident reporting page is also broken so we don’t know what the current state is:

https://status.auth0.com/incidents/d0fhf3hb94d0


#4

This is different from the outage that @markd mentions as that ended up being user error.

Can you send us sample code showing what you’re doing (minus any sensitive info) and we can help you troubleshoot?


#5

No problem, thanks for the reply.
I’m issuing all my requests via Postman, the curl equivalent for my password change request is as follows:

Request:

curl -X POST \
  https://MY_AUTH0_DOMAIN/api/v2/tickets/password-change \
  -H 'Authorization: Bearer  <token>' \
  -H 'Cache-Control: no-cache' \
  -H 'Content-Type: application/json' \
  -d '{ "result_url": "AppURLCallback", "user_id": "USER_ID", "ttl_sec": 0 }

The token was got from the API explorer section of Auth0 Management API.

Response:

{
    "ticket": "<Reset Password URL>"
}

For the disabled template fix my request was:

Request:

curl -X PUT \
  https://MY_AUTH0_DOMAIN/api/emails/reset_email \
  -H 'Authorization: Bearer <token from /oauth/token>' \
  -H 'Cache-Control: no-cache' \
  -H 'Content-Type: application/json' \
  -d '{"disabled":false}

Response:
Not Found

Auth0 Logs report “Success Change Password Request” after each POST attempt but no email is received.

Thanks for the help


#7

Is there any update on this issue? In addition to not receiving the email, using the ticket in the response body does not trigger the “Verify user email with password reset” rule


#8

You need to send a

verify_email: true

in order for it to send the verification email. It’s sorta identified in https://auth0.com/docs/api/management/v2#!/Users/patch_users_by_id but we’re working on updating that documentation


#9

Thanks for the reply Jeremy, I may be misunderstanding you but I don’t require a verification email to be sent, the issue is that using the url in the password change response:

https://My_Domain.auth0.com/lo/reset?ticket=[ticket]

Does not trigger my “Verify user email with password reset” rule which is unchanged from the default rule supplied by auth0. I am not using the verify email endpoint anymore as, for my set up, it makes more sense to reset the password and verify email in one go, as all user sign-ups are done within our company.


#11

:wave: @hhdev For the verify user email with password reset are you referring to this https://github.com/auth0/rules/blob/master/rules/verify-user-email-with-password-reset.md ? Because that will mark the user as verified as soon as they reset the password. So it only runs after the next time they login (after password reset is successful). What email provider are you using?


#12

Thanks for the reply Kim, I didn’t realize the rule required the next login to trigger, thanks. However, the original issue still persists. I am using outlook with SMTP to send the emails. The test emails work just fine, as do the password reset emails triggered the auth0 lock, however, the “https://MY_AUTH0_DOMAIN/api/v2/tickets/password-change” API is still not sending emails, though the URL from its HTTP response does work.


#13

Is this issue any closer to being resolved, as stated in the original question, I am receiving password reset emails when I reset my password through the Auth0 Lock but no email is sent when the https://MY_AUTH0_DOMAIN/api/v2/tickets/password-change API endpoint is it even though it returns a valid password reset URL in its response.


#14

This is expected behaviour for the ticket API. All that does is create the URL to reset the password, it doesn’t actually send an email. That’s super useful for cases where you might want to control sending emails yourself, or need such a ticket URL for a different use case.

For your particular use case, I think you’re looking for the Change Password section of the Authorization API. Calling that API does send an email.


#15

Thanks very much thijmen96, it’s working now.


#16

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.