Overview
This article describes a potential way to let a user who is already logged in reset their password when they choose to. Ordinarily, a password reset is performed on the Universal Login page after the user is redirected there. This article details an alternative method for users who are already authenticated.
NOTE: This approach is one potential solution and requires thorough testing in a lower environment before production use, as Auth0 does not officially document this use case.
Applies To
- Password reset
Solution
A possible solution to enable a logged-in user to reset their password without redirection is listed below:
- Place a link on the application’s user profile page. This link should load a modal window or a similar User Interface (UI) element.
- From this window, make an API call to the Auth0 Management API endpoint for creating a password change ticket. Pass either the user_id, or the email together with the connection_id, in the API call.
- Upon a successful API response, display the password change ticket link provided in the response to the user.
- When the user selects this link, they are redirected to the password reset flow.
NOTE: Updating a user’s password terminates their Auth0 session. Configure the application with a default login route to enable the user to sign in with the new password. For more information on how updating user profile attributes can affect sessions, refer to the Auth0 article: Changing certain profile attributes terminates session.
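The API call from the steps above, as an added example (not code from Auth0 or from this article). It assumes the modal posts to the application's own backend, which holds the Management API token and takes the user_id from the server-side session; the session and cfg shapes, tenant.example, and the ticket_hosts allow-list are hypothetical names.

```python
import json
import urllib.request
from urllib.parse import urlsplit

TICKET_PATH = "/api/v2/tickets/password-change"  # Management API endpoint


def _http_send(req):
    """Default transport: perform the HTTPS call and return the raw body."""
    with urllib.request.urlopen(req, timeout=10) as resp:
        return resp.read()


def create_reset_ticket(session, client_payload, cfg, send=_http_send):
    """Return a password change ticket URL for the logged-in user only.

    session        -- server-side session (hypothetical shape: {"user_id": ...})
    client_payload -- JSON sent by the modal; never trusted for identity
    cfg            -- domain, mgmt_token, result_url, ticket_hosts (assumed names)
    """
    user_id = session.get("user_id")
    if not user_id:
        raise PermissionError("not authenticated")
    # A user_id in the browser request that differs from the session is refused,
    # so one user cannot mint a ticket for another account.
    if client_payload.get("user_id", user_id) != user_id:
        raise PermissionError("user_id does not match session")

    # Short ttl_sec: the link is shown immediately, so it need not live long.
    body = {"user_id": user_id, "result_url": cfg["result_url"], "ttl_sec": 300}
    req = urllib.request.Request(
        "https://" + cfg["domain"] + TICKET_PATH,
        data=json.dumps(body).encode(),
        method="POST",
        headers={
            "Authorization": "Bearer " + cfg["mgmt_token"],  # stays on the server
            "Content-Type": "application/json",
        },
    )
    ticket = json.loads(send(req))["ticket"]

    # Only hand the browser an https link on a host we expect.
    parts = urlsplit(ticket)
    if parts.scheme != "https" or parts.hostname not in cfg["ticket_hosts"]:
        raise ValueError("unexpected ticket URL")
    return ticket
```

The send parameter exists so the function can be exercised against a stub in a lower environment before it is pointed at a real tenant.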