Auth0 Home Blog Docs

Not able to handle reset password at my domain.



I have an existing application. For integrating reset password flow, I am calling dbconnections/change_password. Which triggers an email.
On click on the email user gets redirected to auth0 for reset password. Instead I want user to be redirected to my application.
In order to achieve this, I changed the {{url}} value to https://mydomain/resetpassword in change password email template.
Instead of this url, I want my url to look something like this https://mydomain/resetpassword?access_token=xyzxyzxyz. So that I can authenticate user at my end and can redirect him to his dashboard.
What can I do to append auth0 user_id or access_token to the url.


The use of /dbconnections/change_password implies the use of the hosted reset password page to complete the password reset process. Upon completion of the process it is possible to configure a redirect URL that returns the end-user to a specific URL you provided, but the actual change password process needs to be completed in the hosted page.

Have in mind that you can customize the appearance of the reset password page to a certain degree (see The final redirect URL that would take the user back to your client application can be configured at the email template level through the _ Redirect To_ field.

In conclusion, you can’t do what you suggested; you can either leverage the reset password flow through the hosted reset password page or implement the full flow yourself (not recommended) which would mean you would not be using the /dbconnections/change_password endpoint or the built-in email template.


So what is the way to implement signup and reset password, If I want to keep control in my application.
If implementing the full flow is the only option, then which approach I need to follow to get both the functionalities in action.
Please guide.


Part of the reason I said that it would be not recommended was that you would be on your own in terms of implementation and support. It makes no sense for us to have a reset password flow and then be suggesting how to perform custom approaches that could be implemented with less security than the built-in one.