Hi everyone, I’m building a flow in my app where authenticated users can change their password directly from the UI without needing to go through an email link. Setup & Goal My users are in a “Username-Password-Authentication” database connection. I’m using a custom backend (NestJS) with M2M Auth…

Hi @ines.s Welcome to the Auth0 Community! As long as the M2M credentials and the endpoint is not exposed without unnecessary scopes, the approach you have described seems to be safe. I would highly recommend to review our documentation regarding common issues with the Resource Owner Password Flow .…

Changing User Password with Resource Owner Password Flow – Is It Safe or Should?

Get Help

ines.s April 15, 2025, 11:44pm 4

Thank you so much for the response and clarification — really grateful for the help!

Topic		Replies	Views
I want to implement a passwordless directly on Backend Side using M2M Get Help management-api , users	2	516	November 15, 2023
Can I login from the management api, and then trigger password change? Get Help password , change-password , login	4	5411	August 30, 2019
Action on M2M Resource Owner Password Grant Get Help configuration , application	3	315	April 2, 2024
Safely delete a user via Management API Get Help delete-user	3	4103	June 2, 2020
Change password validation Get Help password , change-password , set-password	10	12473	February 13, 2020

Changing User Password with Resource Owner Password Flow – Is It Safe or Should?

Related topics