Auth0 Home Blog Docs

combine email verification & password reset

password-reset
verification-email

#1

I have an application where I’d like users to be able to invite others by email address.

I can create the users via the management API, but I would have to send 2 separate emails - first to verify the email, and then to do a password reset (as their password was set to some random value).

Is there any way to combine these 2 into one? So that when their password is reset, it automatically gets verified as well? Some sort of a rule or hook?

thanks,
imran


#2

I might be missing something, but if you create the user manually with a random non-guessable password, request that no verification email is to be sent, set the email verified flag from the start to be true and then trigger a password reset then the only way the user could possibly authenticate with success would be by completing the reset password flow. This would imply that any user that completes the flow is the respective owner of the email address given the password reset was delivered by email so having set the email verified to true during user creation should not be an issue.


#3

@jmangelo I understand that you are suggesting triggering a password reset to both verify email and set a password in the situation admin25 is describing (inviting users by email, and creating through management API).

How can we then send separate emails depending on whether this is first contact with a new user vs an actual password reset request from user? I want to configure the password reset email template to display something different depending on where the password reset request was generated, but can’t find a way to determine in the email template what kind of request this is.


#4

@jmangelo I understand that you are suggesting triggering a password reset to both verify email and set a password in the situation admin25 is describing (inviting users by email, and creating through management API).

How can we then send separate emails depending on whether this is first contact with a new user vs an actual password reset request from user? I want to configure the password reset email template to display something different depending on where the password reset request was generated, but can’t find a way to determine in the email template what kind of request this is.


#5

There’s no easy approach to do that level of customization to the reset password email template sent from Auth0; I’m not saying it is impossible, but I would not even try it. I would instead consider just sending that initial one-time highly customized email directly from your own system. You can generate a password reset ticket through the API endpoint and still include that link in your email.


#6