Background:
We have in time migration enabled. We are trying to enable user to login/reset-password/change email using both portals (auth0 and legacy).
For non migrated users, we have customised/overridden getByEmail script for password recovery flow in our system. It only sends a password recovery request to our system for the specified email and returns nothing (for security purpose). For the getByEmail script, we are returning a dummy user with only email address, as we don’t want to return the actual user information without password. This flow works just fine.
But on the other side, we are using Management API, and using update person endpoint i.e., /api/v2/users/{id} . For the email changes, as discussed before in other threads that auth0 triggers getByEmail script to check if the email is not being used in legacy system as well. We are not sure now how to customise this getByEmail script for both purpose i.e, reset flow as well as check if the user exists, without disclosing the user information.
Please assist.