With user-password authentication, it is common for users to try and log in with an email address they though they’d signed up with, but didn’t.
Upon failing password verification, they then recover their password to the same email address they tried to log in with. They get told a password reset email will arrive. As expected, it never arrives.
Now it is understandable that Auth0 doesn’t display a message saying “No such account”, as that would let hackers know which accounts do and don’t exist.
However login dialogs typically say “A password reset email has been sent IF such an account exists.”
I haven’t been able to find a way to customize this message for when a password belonging to a non-existing account is trying to be recovered. Not being big enough to worry about hackers yet, our users are finding this frustrating.