I have an api + a default app for it on Auth0.
I'm using the db connection as the identity provider so I will create my app users myself.
What if a user needs to change his password or some other admin issue, is there a built-in interface I can give my users?
Have you looked at the docs on password reset?
There are numerous ways to start the password reset flow, whether it is via the dashboard, through the login page, or via our management api password reset ticket endpoint or the authentication api password change endpoint.
Hope this helps!
That's not exactly what I meant.
So once I have an application and I have some users on the db, how does a user initiate a password change?
Can I give him a URL with my label or do I have to create my own UI and use the API?
The built-in password reset flow with Universal Login is the 'forgot password' link here:
Otherwise you will need to use your UI with the api.
There is a Universal login page to handle the actual input of the new password, but not initiate a reset other than through the forgot password link.
You can check out the flow here:
We have an API app so the login page is not relevant for us, the scenario we’re looking to build with Auth0 is:
1. We create a user with a default password or with no password.
2. The user automatically receives an email asking him to approve the account and change/create a password. (I can see an approval email but nothing about a password).
3. If a user needs to reset his password, he navigates to the reset password page and does it himself.
I don't want to know my users' passwords or to be able to change the passwords for them.
Is that possible using Auth0?
I see what you are saying. There isn’t a turnkey solution for this, but it is certainly possible through the use of hooks and rules.
You should be able to set this up with a post registration hook. The hook will run after you create a user, and will send them a pw reset request. You can use a rule to force the user to reset their password before logging in.
Here are the resources to set this up:
For the hook, you can make a request to the change password endpoint that will send the default pw reset email to the user requesting a reset. (or you can use the management api password change ticket endpoint to create a pw reset link and send that in a custom signup email).
If you do not want the user to have to separately verify their email address, you can use a rule to verify email on pw reset.
This will require some custom email setup, as the auth0 welcome email template will not allow you to inject a pw reset link.
Hope this helps!
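The invite flow discussed above, sketched as an added example that is not part of the thread and not Auth0's own code: the user is created with a random password that is thrown away, and a password change ticket from the Management API becomes the "set your password" link for a custom email. It uses the ticket's `mark_email_as_verified` field instead of a rule; `TENANT`, the token, the connection name and the injected `httpPost(url, token, body)` helper are assumptions.

```javascript
// Added example. TENANT is a placeholder; httpPost is a hypothetical injected
// helper: (url, bearerToken, jsonBody) -> Promise resolving to parsed JSON.
const nodeCrypto = require("crypto");

const TENANT = "https://YOUR_TENANT.auth0.com"; // placeholder tenant domain

// Body for POST /api/v2/users. The password is random and never stored or
// returned, so the operator does not learn it; the user replaces it via the
// ticket link.
function buildCreateUser(email, connection) {
  // 32 random bytes plus a fixed suffix so typical strength policies
  // (upper/lower/digit/symbol) accept it. Assumption: adapt to your policy.
  const throwaway = nodeCrypto.randomBytes(32).toString("base64") + "aA1!";
  return { email, connection, password: throwaway, verify_email: false };
}

// Body for POST /api/v2/tickets/password-change. mark_email_as_verified makes
// a completed reset count as email verification as well.
function buildTicket(userId, resultUrl, ttlSec) {
  return {
    user_id: userId,
    result_url: resultUrl,
    ttl_sec: ttlSec,
    mark_email_as_verified: true,
  };
}

// Create the user, then return the one-time link to place in the invitation
// email. Nothing password-related leaves this function.
async function inviteUser(httpPost, token, { email, connection, resultUrl }) {
  const user = await httpPost(
    `${TENANT}/api/v2/users`, token, buildCreateUser(email, connection));
  const { ticket } = await httpPost(
    `${TENANT}/api/v2/tickets/password-change`, token,
    buildTicket(user.user_id, resultUrl, 86400)); // link valid for 24 hours
  return { userId: user.user_id, setPasswordUrl: ticket };
}
```

The Management API token used here needs permission to create users and to create user tickets; keep it server-side only.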
Your solution is very helpful.
What about my concern regarding my ability to change a user password for him?
Is that acceptable security-wise?
Passwords are never stored in plain text. They are hashed and salted. You will have the ability to change a user's PW for them, but as an admin you may need that power. Do you have a specific concern about not wanting to change the password as an admin?
No special concern
Let us know if you have any other questions.