Problem statement
We want to pass simple information like the client domain to our web application used to implement our password reset pages. Is there a way we can provide extra parameters to the password reset URL? Or is there any mechanism to pass information to our password reset pages?
Solution
There are two ways to initiate a password change flow. You can either automatically send the Change Password email template directly to a user using the
- /dbconnections/change_password* endpoint
https://auth0.com/docs/api/authentication#change-password
or you can manually create a password change ticket using the
/api/v2/tickets/password-change endpoint
https://auth0.com/docs/api/management/v2#!/Tickets/post_password_change
and handle the delivery of the link yourself.
When using /dbconnections/change_password , Auth0 triggers the sending of the email that includes the password change link, and therefore you are not able to insert custom query string parameters onto the link that’s sent.
When using /api/v2/tickets/password-change , you handle the sending of the link yourself, and therefore you can include custom query string parameters onto the link before delivering it to your users. These custom parameters can then be accessed via Javascript in your custom Password Reset page.