I want to let users reset their password on my own application page

Hello, I am new to the community. I am trying to find a solution for resetting passwords on my own application page.

I understand that Auth0 gives us an API to reset a password by sending an email and resetting it on the Universal Login page.

My story is:

  • User forgets password
  • Enters his/her email
  • Send email
  • User clicks the link
  • User will come to my own application’s reset password page
  • User resets password

I have already checked the Auth0 Management API for updating the password with /users/{id}.

However, I have no idea how to get an access token for a user who has forgotten their password and is not logged in yet, and I am worried about impostors.

Please help me realize my story, in which a user can reset their password on my own application’s reset password page.

Thanks,
TShida

Hi @TShida951

If you redirect the user to your own page, you are taking responsibility for ensuring that they are the proper user. Unless there is a VERY good reason to do this, you should use Auth0’s built-in flow for changing the password.

Your application can access the Management API with a client credentials token. This token is NOT tied to the user changing their password. Again, you are taking that responsibility on if you do this.

John

1 Like
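What "taking responsibility" for the user's identity involves on the application side, as an added example (not part of the thread and not Auth0's code): a single-use, expiring reset token that is bound to one user, with the Management API request built only after the token is redeemed. The in-memory store, the 15-minute lifetime and the function names are assumptions; the request is built but not sent.

```python
import hashlib, json, secrets, time
from urllib.parse import quote
from urllib.request import Request

RESET_TTL = 15 * 60   # assumption: reset links live for 15 minutes
_pending = {}         # sha256(token) -> (user_id, expires_at); a database in practice

def _digest(token):
    return hashlib.sha256(token.encode()).hexdigest()

def issue_reset_token(user_id, now=None):
    """Create the secret for the emailed link; only its hash is stored."""
    now = time.time() if now is None else now
    # One outstanding link per user: a new request invalidates older links.
    for key in [k for k, (uid, _) in _pending.items() if uid == user_id]:
        del _pending[key]
    token = secrets.token_urlsafe(32)   # 256 bits from the OS CSPRNG
    _pending[_digest(token)] = (user_id, now + RESET_TTL)
    return token

def redeem_reset_token(token, now=None):
    """Return the user_id the token was issued for, or None. Single use."""
    now = time.time() if now is None else now
    entry = _pending.pop(_digest(token), None)   # pop: a link works at most once
    if entry is None or now > entry[1]:
        return None
    return entry[0]

def build_password_update(domain, mgmt_token, user_id, new_password, connection):
    """Build (not send) PATCH /api/v2/users/{id}. mgmt_token is the client
    credentials token; it is not tied to the user, so user_id must come from
    redeem_reset_token(), never from a form field or query parameter."""
    body = json.dumps({"password": new_password, "connection": connection}).encode()
    return Request(
        f"https://{domain}/api/v2/users/{quote(user_id, safe='')}",
        data=body, method="PATCH",
        headers={"Authorization": f"Bearer {mgmt_token}",
                 "Content-Type": "application/json"})

def handle_reset(token, new_password, domain, mgmt_token, connection):
    """Reset page handler: no valid token, no Management API call."""
    user_id = redeem_reset_token(token)
    if user_id is None:
        return None   # unknown, expired or already used link
    return build_password_update(domain, mgmt_token, user_id, new_password, connection)
```

The Management API token stays on the server and is never placed in the emailed link or sent to the browser.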

Hello, @john.gateley

Thank you for your quick reply.

If you redirect the user to your own page, you are taking responsibility for ensuring that they are the proper user.

I totally understand this, and this is one of the answers which I expect.

I will discuss with my project team again.

Thank you,

TShida

1 Like

Let us know if you have any other questions down the road!