Authenticate and prompt user password change with a single email

Lee_Peters · February 2, 2021, 6:30pm

I am seeking to authenticate a new Username-Password-Authentication user type AND allow them to immediately change their password with a single e-mail action. Surely I’m missing something since this seems to be a fairly simple and common operation. But can’t seem to figure it out. Has anyone had success doing this?

The desired workflow, ideally via Auth0 dashboard and not API or Rules, would be:

a new user is manually added and given a temporary password
an authentication email is sent to a given user
that authentication email provides that user with a single link which…
3a) authenticates their email and…
3b) allows them to change their password

Thanks and let me know if I can provide further clarification.

Update: I see in @ssingh’s post that prompting a password change will also verify an email. Do the Auth0 folks agree that sending a password change email to new users would be an acceptable workaround?

stephanie.chamblee · February 3, 2021, 1:44pm

Hi @Lee_Peters,

Yes! That is one of the options listed in our email invitation guide: Send Email Invitations for Application Signup

Let us know if you have additional questions!

Lee_Peters · February 3, 2021, 2:33pm

Thanks for the quick reply @stephanie.chamblee! This process looks exactly like what we’re trying to achieve but potentially a more code heavy than what I was hoping for. In what environment should this be done? Within a Rule? Within our API’s back end (hoping to avoid)? All stupid questions, I know, but I’m new to Auth0 and relatively new to coding in general so further clarification would be helpful.

stephanie.chamblee · February 3, 2021, 7:44pm

Reasonable questions!

If you are manually creating users to a database connection, you can set up a Hook to send the change password request.

In the email template section of your dashboard, disable the “Welcome Email” template and the “Email Verification” template by turning off the “Status” toggle. Make sure that “Change Password” is enabled.
Go to Hooks and scroll down to “Post User Registration” and click “Create new hook”
Use the following code to send a password reset email whenever a user is manually created for your tenant:

module.exports = function (user, context, cb) {
  var auth0 = require('auth0@2.32.0');
  var authClient = new auth0.AuthenticationClient({
    domain: 'example-connections.us.auth0.com',
    clientId: 'YOUR_APP_CLIENT_ID',
    clientSecret: 'YOUR_APP_CLIENT_SECRET',
  });

  var userAndConnection = {
    email: user.email,
    connection: 'Username-Password-Authentication',
    connection_id: context.connection.id,
  };

  authClient.requestChangePasswordEmail(userAndConnection, function(err){
    cb(null, user, context);
  });
};

After you set up the Hook, an email will be sent to users inviting them to change their password.

You will then need to update the email template to make it look more like a welcome email than a change password email. Here are docs on customizing email templates: Customize Email Templates

Lee_Peters · February 3, 2021, 9:14pm

Worked perfectly! You’re the best, @stephanie.chamblee - thanks again!

system · February 21, 2021, 9:27am

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.