Force a Password Reset After a Certain Amount of Days

Get Help
,
1

Hello,

I’m trying to set up the post-login action from this article:

I have it in place and no errors in test, but its not actually sending the email, no errors of any sort either. I know its applying to the login by changing the email in the list to trigger the force-reset to true because I’m getting redirected after login but I don’t get the email to actually reset my password. Does anyone have any suggestions how to troubleshoot this?

Thanks,

Doug

I

3

Hi @doug.auth0dev

Welcome to the Auth0 Community!

Since the redirect is successfully triggering, we know the if statement evaluating the user’s password age is working perfectly. The missing email is almost always caused by one of three things: an un-await-ed asynchronous API call, a swallowed Management API error (like missing permissions), or an upstream Email Provider delivery failure.

Before changing any code, let’s see if Auth0 actually tried to send the email.

  1. Go to your Auth0 Dashboard > Monitoring > Logs .
  2. In the search bar, type: type:fn (Failed Notification).
  3. If you see an fn log at the exact time of your test, the code is working, but your Email Provider configuration blocked the email delivery.
    If there are no logs, the request is dying in the Action. Open your Post-Login Action and wrap the password reset API call in a strict try/catch block.

Ensure your code structure looks exactly like this, with the await keyword explicitly halting the redirect until the email resolves:

const axios = require("axios");

exports.onExecutePostLogin = async (event, api) => {
  // ... your logic to check if they need a reset ...
  if (needsReset) {
    try {
      const response = await axios.post(`https://${event.secrets.DOMAIN}/dbconnections/change_password`, {
        client_id: event.secrets.CLIENT_ID,
        email: event.user.email,
        connection: event.connection.name
      });
      
      console.log("Success! API Response:", response.data);

    } catch (error) {
      console.error("API Call Failed:", error.response?.data || error.message);
    }

    api.redirect.sendUserTo("https://your-app.com/password-reset-notice");
  }
};

After deploying the updated Action, test the login flow again. Then, go back to your Auth0 Logs, find the latest Failed Login or Success Exchange log, and click the Action Details tab. Look at the console.log output. You can also use the real time action logs in case the default ones does not show any new logs or action execution windows.

  • If you see a 403 Forbidden error, you need to go to your Auth0 Dashboard > Applications > APIs > Auth0 Management API, and ensure your M2M Application is authorized with the correct scopes.

Looking forward to your answer!

Kind Regards,
Nik

4

Hi again!

Since I have not heard back from you regarding the matter, I will be marking my previous reply as the solution to the matter.

If you have any other questions, let us know!

Kind Regards,
Nik

5

Hello, apologies for the delay. I did not see any failure to send logs. I’m trying to update the action, however the issue is this must come from a different template since my action is “forceToReset” not “needsReset” so it’s not a clean copy paste action. below is my current action:

// if the password needs to reset, call the /change-password endpoint

if (forceToReset) {

const sendPasswordResetEmail = () => {

  var options = {

    method: 'POST',

    url: 'https://auth0 tenant domain/dbconnections/change_password',

    headers: { 'content-type': 'application/json' },

    data: {

      email: event.user.email,

      connection: event.connection.name,

      state: event.user.state

    },

  };

  try {

    axios.request(options).then(function (response) {

      console.log("Response: ", response.data);

    });

  } catch (error) {

    console.error(error);

  }

};

// call the function created priorly

sendPasswordResetEmail();

// logout the user and redirect him to a custom URL containing the follow-up steps

let client = event.client.client_id;

let logout_url = 'https://auth0 tenant domain/v2/logout?client_id=';

api.redirect.sendUserTo(logout_url + client, {

  query: { returnTo: https://specific_URL },

});

}

};
6

ok I got the pieces put together and was able to see the logs in live monitor. it looks like the address call is failing to find an address. will work on that.

7

current status is if ${event.secrets.DOMAIN} is being used I get a getaddrinfo ENOTFOUND undefine error, if I put our actual domain it gives a requires_verification error:

API Call Failed: {
statusCode: 401,
description: ‘Suspicious request requires verification’,
name: ‘requires_verification’,
code: ‘requires_verification’ *
*
Claude is telling me that’s because the actions service needs to have our M2M id and secret

8

ok last update for today… with Cludes help I moved away from the send email action to a create password reset ticket (which should send the email). I’m at the point the logs show the ticket being created but I’m still not getting the email and still I’m not getting any failed notifications. getting closer I think though