Auth0 Home Blog Docs

How to use "password reset API"?

auth0
api
password-reset

#1

I’m Japanese.
So maybe my English is bad.
Sorry.


I want to use “password reset API” in Auth0.
However, I can’t.

Using PHP7 and Guzzle.

$data = [
    'form_params' => [
        'client_id' => 'CLIENT_ID',
        'result_url' => 'http://localhost/password_reset/confirm',
        'connection_id' => 'CONNECTION_NAME',
        'email' => 'MAIL@ADDRESS',
        'ttl_sec' => 0,
    ],
    'header' => [
        'content-type' => 'application/json',
    ]
];


$result = $this->Guzzle->guzzleRequest('POST', https://API_NAME.auth0.com/api/v2/tickets/password-change, $data);

It’s returned {"statusCode":401,"error":"Unauthorized","message":"Missing authentication"}.

I can’t understand how to use this API…
Please help me.

Thank you!


#2

Hi Ntkt,

You must authenticate to the API.

I would suggest first trying this using the management API explorer:

You must first set the API token (the button in the upper left part of the screen).

It is this token that you are missing in your code, but try with the explorer first to be sure you understand.

John


#3

Thank you for your reply, John!

I tried to use the API " /api/v2/tickets/password-change",
but it returned {"statusCode":401,"error":"Unauthorized","message":"Invalid token","attributes":{"error":"Invalid token"}}.


First, I logged in Auth0’s management page.
And I clicked “APIs” in left side menu.

Second, I clicked “Auth0 Management API” and look " Machine to Machine Applications" tab’s page.

Finally, I turned on “Authorized” switch.


Next, I wrote this code:

$data = [
    'form_params' => [
        'grant_type' => 'client_credentials',
        'client_id' => 'CLIENT_ID',
        'client_secret' => 'CLIENT_SECRET',
        'audience' => 'https://MY_DOMAIN.auth0.com/api/v2/',
    ],
    'header' => [
        'content-type' => 'application/json'
    ]
];

// send with guzzle
$result = $this->Guzzle->guzzleRequest('POST', 'https://MY_DOMAIN.auth0.com/oauth/token', $data);

This code can get Access Token.

And I wrote this code:

$data = [
    'form_params' => [
        'client_id' => 'CLIENT_ID',
        'email' => 'mail@address',
        'connection' => 'CONNECTION_NAME',
    ],
    'headers' => [
        'content-type' => 'application/json',
        'Authorization' => 'Bearer ' . 'ACCESS_TOKEN'
    ],
];

// send with guzzle
$result = $this->Guzzle->guzzleRequest('POST', $this->_auth0PasswordResetTicketUrl, $data);

It returned {"statusCode":401,"error":"Unauthorized","message":"Invalid token","attributes":{"error":"Invalid token"}}
Why?

Where am I wrong?


#4

I checked read:clients, read:client_keys and create:user_tickets,
then error message was changed.

{"statusCode":400,"error":"Bad Request","message":"Invalid request payload JSON format"}

Maybe It authorized, but I can’t understand this passage.
How to fix?

I wrote this code:

$data = [
    'form_params' => [
        'client_id' => 'CLIENT_ID',
        'email' => 'mail@address',
        'connection' => 'CONNECTION_NAME',
    ],
    'headers' => [
        'content-type' => 'application/json',
        'Authorization' => 'Bearer ' . 'ACCESS_TOKEN'
    ],
];

// send with guzzle
$result = $this->Guzzle->guzzleRequest('POST', $this->_auth0PasswordResetTicketUrl, $data);