Password Reset Options?

Heyya y'all, I have an odd use case, and I am unsure where/how to do what I'm trying to do here.

Effectively, what I need to have happen is that if someone reaches out to an admin in my app, and they request an email change, the admin can put in the new email, and have it send them an email at the new email with a ticket to reset their password.

Now I've gotten that to work, though just for safety's sake, what I want to have happen is for Auth0 to require them to put in their previous password along with the new password. How can this be achieved?

Hi @TheMemelyMan

This is an odd use case, and the first thing that comes to mind is “what if they have forgotten their password”.

I think you can do this. Off the top of my head, something like:
1. Admin gets a password reset link AND STORES IT SECURELY in a DB.
2. Admin sends user a link to a special web app.
3. Special web app requires user to log in.
4. Once user is logged in, special web app gets the password reset link from the DB and redirects to it.

But I am not clear on what this achieves, from a security point of view.
If their email is not secure, is requiring a password going to provide additional security?
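
A sketch of the "store the link securely, release it only after login" steps described above, as an added example rather than code from this thread or from Auth0: the reset link is encrypted at rest, bound to one user id, single-use and time-limited. The in-memory map, the key handling, the user ids and the ticket URL are assumptions standing in for a real database, secret store and verified session.

```javascript
const crypto = require('node:crypto');
// Assumption: in production the key comes from a KMS or secret store, and
// `rows` is a database table. Both are in-memory stand-ins here.
class ResetTicketStore {
  constructor(key, now = () => Date.now()) {
    this.key = key;        // 32-byte AES-256-GCM key
    this.now = now;        // injectable clock, for testing expiry
    this.rows = new Map(); // userId -> { iv, tag, data, expiresAt }
  }
  // Admin side: encrypt the reset link and bind it to one user id.
  put(userId, ticketUrl, ttlMs) {
    const iv = crypto.randomBytes(12);
    const c = crypto.createCipheriv('aes-256-gcm', this.key, iv);
    c.setAAD(Buffer.from(userId)); // a row copied to another user fails to decrypt
    const data = Buffer.concat([c.update(ticketUrl, 'utf8'), c.final()]);
    this.rows.set(userId, { iv, tag: c.getAuthTag(), data, expiresAt: this.now() + ttlMs });
  }
  // Web app side: call only after login, with the user id from the verified session.
  // Returns the link once, or null if there is none, it expired, or it was tampered with.
  redeem(sessionUserId) {
    const row = this.rows.get(sessionUserId);
    if (!row) return null;
    this.rows.delete(sessionUserId); // single use, even if the checks below fail
    if (this.now() > row.expiresAt) return null;
    try {
      const d = crypto.createDecipheriv('aes-256-gcm', this.key, row.iv);
      d.setAAD(Buffer.from(sessionUserId));
      d.setAuthTag(row.tag);
      return Buffer.concat([d.update(row.data), d.final()]).toString('utf8');
    } catch {
      return null;
    }
  }
}

// Constructed sample values, not real identifiers or a real ticket.
function demo() {
  let t = 0;
  const store = new ResetTicketStore(crypto.randomBytes(32), () => t);
  const link = 'https://tenant.example/reset?ticket=PLACEHOLDER';
  store.put('user|alice', link, 60000);
  const wrongUser = store.redeem('user|bob'); // no row for this session
  const first = store.redeem('user|alice');   // released once
  const replay = store.redeem('user|alice');  // already consumed
  store.put('user|alice', link, 60000);
  t = 60001;
  const expired = store.redeem('user|alice'); // past expiry
  return { wrongUser, first, replay, expired };
}
```

The web app would redirect to the value `redeem` returns and show an error page when it returns null.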