Custom Database Change Password script won't pass username

I am using a custom database, with “Requires Username” enabled. In the custom Login script, I can receive either a username or an email as part of the call.

However, trying to work through the Change Password flow, it will not accept a username, and passes only an email. A validation blocker pops if the entry is not a valid email.

There are several closed posts here either giving misinformation on a solution, or saying that there is a feature/bug for this and dev team is aware. This is a blocker for our organization, since we have multiple users associated with same email (in different logical groups) and cannot uniquely identify them without username.

Can you please update on what the ETA is, or give a link to the existing feature/bug so we can view priority?

It’s honestly completely broken for custom databases if they can signup and login using username, but can only change password using email. The same identifier needs to be used throughout, and I would hope this issue gets escalated accordingly.

Hi @jpf_auth0

Welcome to the Auth0 Community.

I just reviewed this in our system and this is still in backlog status (with no ETA just yet). I would suggest you provide some feedback here about this citing your use case as this helps our product teams gauge demand for certain features.

Warm regards.

Thanks, this is the same response I’ve seen put on every other report of this same issue stretching back for months. Please don’t mark it as “solved” - the issue is not “solved”. There is no workaround.

Essentially, what appears to have happened is, for custom databases, a new feature was added: “Requires username”. Only someone missed that they needed to update all the scripts that participate in that flow.

So bottom line, that feature is unusable if part of the flow cannot be implemented (in this case, specifically, migrating users and resetting/forgot password flow). Literally, unusable.

I have reported feedback, and am in contact with our support contact at auth0 (whose response was the same: report feedback), so please, do your best to escalate.