Change Password Flow

idm_hunt · March 31, 2024, 4:32pm

Hi Team,

An admin has two options to trigger a password reset on behalf of user through the API.

Using the Authentication API. This method auto sends the password reset email.
Using the management API. This method generates the URL and admin has to manually send the email including the URL.

We are leaning towards Option1, and would like to know if are not foreseeing any limitations in it.

Thanks
idm_hunt

marcelina.barycka · April 3, 2024, 10:35am

The option 1 is recommended because Auth0 controls the email delivery to a relevant user (the user’s identity is verified because only the relevant user has access to their email inbox - this way preventing an impostor from taking control over the password change).

Some customers prefer taking control over the flow (one case I remember was the customer with many different customers (b2b) and applications and they preferred to trigger the email delivery with a reset link on their backend with their own templates, hosted on their servers).

However, please note that with the default flow (option 1), you can still customize the email templates with liquid syntax and extend the flow with the Actions feature.

Please let me know if there are any other questions on that!

system · April 17, 2024, 10:36am

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Want to create action where after user is created a change password email is sent to them Help user-management , user-password-management	2	235	May 3, 2024
Welcome Email -> Password Change Help	3	4273	February 22, 2022
Send password in verification email Help	5	3255	September 9, 2021
Auth0 Invite User Help management-api , users	2	1663	March 4, 2023
Send Password Set email Help management-api , users	1	1066	November 28, 2022

Change Password Flow

Related Topics