Cannot generate a change password url with a custom domain

I have set up a custom domain and it’s working well for user-facing pages. I also use the default API identifier to access the Management API from my server, as per this answer: API access using the custom domain - #3 by rueben.tiow

The problem is that the Management API only allows me to use the default API Identifier domain which looks like: https://MY_DOMAIN.REGION.auth0.com and then therefore returns a password-update url with that domain.

This isn’t just a cosmetic problem, having different domains where users log in and where they change their password means that password managers don’t work correctly.

I’m looking for a solution that lets me generate password change urls using my custom domain.

I really don’t want to host the password change myself and then update the user via the Management API, but that’s my backup plan if I can’t get this more secure method working.

I’m using the auth0 node.js library, so the request looks like: auth0.tickets.changePassword({ user_id: userId });

Hi @bigmac1890,

Welcome to the Auth0 Community!

I have just tested this on my end and was able to generate the change password ticket with my custom domain using the following cURL command:

curl -L 'https://your_domain.region.auth0.com/api/v2/tickets/password-change' \
-H 'Content-Type: application/json' \
-H 'Accept: application/json' \
--data-raw '{"result_url":"string","user_id":"string","client_id":"string","organization_id":"string","connection_id":"string","email":"user@example.com","ttl_sec":0,"mark_email_as_verified":false,"includeEmailInRedirect":true}'

The password change ticket that I generated automatically used my custom domain even though I supplied my canonical domain in the cURL command.

This also worked when using the ManagementClient:

const ticket = await management.tickets.changePassword({user_id:'auth0|0123456789'})
console.log(ticket)

Thanks,
Rueben