The option 1 is recommended because Auth0 controls the email delivery to a relevant user (the user’s identity is verified because only the relevant user has access to their email inbox - this way preventing an impostor from taking control over the password change).
Some customers prefer taking control over the flow (one case I remember was the customer with many different customers (b2b) and applications and they preferred to trigger the email delivery with a reset link on their backend with their own templates, hosted on their servers).
However, please note that with the default flow (option 1), you can still customize the email templates with liquid syntax and extend the flow with the Actions feature.
Please let me know if there are any other questions on that!