For reference for anyone that stumbles upon this, as the web app I work on requires to user to be logged in to do anything, I just changed my back to login link to api/auth/logout which effectively kills the current active system, and forces the user back to the login page, which in turn contains the ‘forgot password’ link.
Let so many things I’ve encountered on auth0, not an ideal solution, but it works. 