Auth0 Home Blog Docs

How to ensure the expiry of obsolete change password links?

password-reset
change-password
email

#1

I’m trying to figure out a way to expire all the obsolete change password links when a new link is sent to the user.

Change password ticket in auth0 handles this scenario very easily, but I’m not able to figure out how it does so.


#2

Can you describe why you’d want to do this, seeing as password reset is a built-in feature of Auth0?


#3

Yes, @prashant I know that password reset is a built-in feature of Auth0, but it has got limitations when it comes to the customization of hosted reset password page. So, I don’t want to use the password change ticket(which redirects the user to that hosted reset password page). Instead, I want to create my custom URL which redirects the user to the reset password page of my application.


#4

Our recommendation is to use the built-in password reset functionality, as this addresses several security considerations that would arise if you choose to implement this yourself. As the functionality you are trying to implement is not supported by Auth0, I suggest following this up in a more generic developer support platform, such as StackOverflow.


#5

Thanks for the recommendation @prashant. I totally agree with you. But It would be good if we can have a self-hosted reset password page or if the Auth0 hosted reset password page can be fully customized.


#6