Password Reset E-mail Automatically changes E-mail

password-reset
change-password

#1

When posting to https://xxx.auth0.com/dbconnections/change_password with a body of

{ "client_id": "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx", "email": "bob@example.com", "connection": "Username-Password-Authentication" }

it will send the password reset E-mail correctly. However, once I hit either the link or confirm in the E-mail, it will automatically "reset" the password without prompting the user for the new password.

Is there something I’m doing wrong or did not configure correctly?


#2

Can you confirm a couple of things for me to investigate:


#3

Hi @prashant ,

  1. The Change Password flow v2 is enabled
  2. No, we’re using the default E-mail.

I’ve done some further testing. If I open the E-mail on my phone and click on the link/button, it will not automatically change the password with null, which is what I expect since I did not specify a password in the request. However, on Chrome/Firefox/Edge/IE on my PC, it will 9/10 times automatically change the password with null.


#4

@jlovin thanks for clarifying. This behaviour is quite odd - I haven’t been able to reproduce this, nor have I come across it before. Which email provider/client are you using? i.e. are the emails being sent to a Gmail account, or something else?
One thing to test would be to try a different email address/client/provider to see whether this could be the issue.


#5

@prashant I’ve been able to replicate with Outlook and Gmail


#6

Can you please try capturing a HAR file and a screen capture of this behaviour:
https://auth0.com/docs/har. Please remove any sensitive information from the file before sending it through. You can upload it to Google Drive or OneDrive, and restrict access to the link for @auth0.com email addresses using sharelock.io.
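
One way to strip credentials from a captured HAR file before sharing it, as an added example that is not part of the original post and not Auth0's own tooling. It masks sensitive headers, cookies, query parameters and form or JSON body fields, and drops URL fragments; the name lists, the `REDACTED` marker and the `tenant.example` sample are assumptions.

```python
import json
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

# Assumed name lists (not from the thread); extend them for your own application.
SENSITIVE_HEADERS = {"authorization", "proxy-authorization", "cookie", "set-cookie"}
SENSITIVE_FIELDS = {"password", "client_secret", "access_token", "id_token", "refresh_token", "token"}
REDACTED = "REDACTED"

def scrub_pairs(pairs, names):  # mask HAR name/value pairs whose name is sensitive
    for pair in pairs or []:
        if pair.get("name", "").lower() in names:
            pair["value"] = REDACTED

def scrub_query(query):  # mask sensitive parameters in a query string or form body
    return urlencode([(k, REDACTED if k.lower() in SENSITIVE_FIELDS else v)
                      for k, v in parse_qsl(query, keep_blank_values=True)])

def scrub_body(text, mime=""):  # form-encoded or JSON bodies; other text is left alone
    if mime.startswith("application/x-www-form-urlencoded"):
        return scrub_query(text)
    def mask(obj):  # object_hook runs on every decoded JSON object, nested ones too
        return {k: REDACTED if k.lower() in SENSITIVE_FIELDS else v for k, v in obj.items()}
    try:
        return json.dumps(json.loads(text, object_hook=mask))
    except (TypeError, ValueError):
        return text

def sanitize_har(har):  # redact credentials in place in a parsed HAR 1.2 document
    for entry in har["log"]["entries"]:
        req, resp = entry["request"], entry["response"]
        url = urlsplit(req["url"])
        req["url"] = urlunsplit(url._replace(query=scrub_query(url.query), fragment=""))
        scrub_pairs(req.get("queryString"), SENSITIVE_FIELDS)
        scrub_pairs((req.get("postData") or {}).get("params"), SENSITIVE_FIELDS)
        for msg in (req, resp):
            scrub_pairs(msg.get("headers"), SENSITIVE_HEADERS)
            for cookie in msg.get("cookies") or []:
                cookie["value"] = REDACTED
        for body in (req.get("postData"), resp.get("content")):
            if body and "text" in body:
                body["text"] = scrub_body(body["text"], body.get("mimeType") or "")
    return har

# Constructed sample entry (hypothetical host and values), not captured traffic.
SAMPLE = {"log": {"entries": [{
    "request": {"url": "https://tenant.example/reset?token=abc123&lang=en",
                "headers": [{"name": "Cookie", "value": "sid=s3cr3t"}],
                "postData": {"mimeType": "application/json",
                             "text": '{"email": "bob@example.com", "password": "hunter2"}'}},
    "response": {"headers": [{"name": "Set-Cookie", "value": "sid=new"}]}}]}}
```

HTML and base64-encoded response bodies pass through unchanged, so review the output by hand before uploading it.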


#7