MFA before resetting password

ywaka · January 2, 2024, 8:53pm

Hi!

I would like to add MFA (Sending verification code to email) before resetting password.

User clicks on forgot password
User enters email
User gets an email for verification code
User enters verification code
User enters new password and change the password

I have been trying to find out how to call MFA before changing the password, but couldn’t figured this out. I could only find the action template for ‘verified email’ before changing the password. From my understanding, first, it needs to authenticate the user and then call MFA API call. However, user authentication requires a password. Since the user doesn’t know the password, I couldn’t use the same API call as I did after creating/login functionality.
If anyone know how to solve this, I would appreciate it!

rueben.tiow · January 2, 2024, 9:16pm

Hi @ywaka,

Welcome to the Auth0 Community!

Unfortunately, it is not possible to enforce MFA before changing passwords. However, you can enforce it after they have changed passwords.

For more information, please refer to this related post.

Cheers,
Rueben

system · January 16, 2024, 9:16pm

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.