Hey @BlackDev, here’s how password reset works in this scenario:
- User submits password reset request.
- Auth0 sees that this user is not in Auth0, so it checks the custom DB (using Get User script)
- Get User script returns a profile, because the user is there
- Auth0 keeps a temporary record of this profile, and the user is sent a password reset email
- User enters new password by following link in email
- Auth0 pulls up that temporary profile and assigns the new password.
- Later, the user logs in with the new password.
- Now Auth0 verifies the password with the password in temporary profile.
- If passwords match, an actual profile is created for the user, and they are also logged in.
So, going back to your original question:
the user isn’t created in auth0
The user is created only at step 9. In step 6, no user is created and this is by design. In truth, there’s a temporary user profile behind the scenes, which is exposed only after the user logs in for the first time. (I agree this is slightly confusing, but that’s how it is for now)
the custom database hasn’t changed either
This is expected because your custom DB has ‘Import mode’ turned on. No changes will be written in the custom DB and all changes will be done in Auth0 side.
Does that help? If you see anything different from this behavior let us know and we’ll investigate.