Password reset query param

Hi,

I’m building a flow where I want to invite users to my app, so I’m following this flow: Send Email Invitations for Application Signup.

The document describes two flows:

For this flow:

Customize an email template and use it to send a change password email.

Should I add a button in the template which both makes an API call to accept the invitation and calls the endpoint to send a reset-password email?

Another way would be to create an action which is called when a user is called to call the reset-password email endpoint. Is there some way I can add information to that endpoint which adds query parameters to the reset-password page?

Hi @hugo.sjoberg,

Welcome to the Auth0 Community!

Let me clarify that the Send Email Invitations for Application Signup documentation describes using only one flow to send email invitations for application sign-up. Specifically, you will need to customize a change password email template to be repurposed as an invitation. Then you will have to call the Management API’s Create a password change ticket endpoint to generate a change password ticket, which you will need to take and send to the user.

In essence, you will need to follow these steps:

  1. Administrator creates a user account.
  2. Administrator sends a registration email invitation to the user.
  3. User follows a link in the invitation email to set up a password for the account.
  4. User creates and verifies a password.
  5. User signs in.

Just to circle back, you will not need to add a button to your email template, but rather, generate the email ticket and send it to the user.

I hope the explanation was clear!

Thanks,
Rueben


Hi @rueben.tiow thanks for the quick reply.

About 2., do you mean I create a custom email or send an email by calling https://{yourDomain}/dbconnections/change_password??

If the latter, how can I pass in query params so I can make the reset-password template usable for password reset and sign-ins?

Hi @hugo.sjoberg,

Thanks for following up.

For Step 2, you will need to use the Auth0 Management API Create a Password Change Ticket endpoint, and then send the password change ticket URL in an email to the user. When the user clicks the link, they will be prompted to reset their password through the Universal Login flow.

Then to pass in additional query parameters, you can specify them after the # symbol in the change password ticket URL.

For example, if the Change password URL looks something like the following:

"ticket": "https://{{YOUR_DOMAIN}}/u/reset-password?ticket=RqwHoceVYPZL69zWiOiheP508GkLGGxB#"

We can take this change password URL ticket, and add the extra query parameters after the hashtag (#) symbol. Let’s say we wanted to add:

#app=AppName

Then the Change password URL would look like this:

"ticket": "https://{{YOUR_DOMAIN}}/u/reset-password?ticket=RqwHoceVYPZL69zWiOiheP508GkLGGxB#app=AppName"

(Reference: Add query parameters ticket URL)

Finally, let me add that calling https://{yourDomain}/dbconnections/change_password? does not allow you to include additional query parameters. Therefore, you will need to use the Management API to create a change password ticket to add the query parameters in the URL.

Does that help?

Thanks,
Rueben
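
An added example, not part of the original posts and not Auth0's code: one way to append parameters after the `#` of a ticket URL and to read them back on the page, treating them as untrusted because the fragment is never sent to the server and anyone holding the link can edit it. The host, ticket value, `flow` parameter, allow-lists and function names are assumptions; `app` is the parameter from the post above.

```javascript
// Added example. Function names, allow-lists, host, ticket value and the
// "flow" parameter are assumptions; "app" is the parameter from the thread.

// Values the reset-password page is willing to act on (hypothetical).
const ALLOWED_APPS = new Set(["AppName"]);
const ALLOWED_FLOWS = new Set(["invite", "reset"]);

// Sender side: append parameters after the "#" of the ticket URL returned by
// the Create a password change ticket endpoint. The "?ticket=..." query is
// never modified, and values are URL-encoded so "&" or "#" in a value cannot
// split or truncate the fragment.
function addFragmentParams(ticketUrl, params) {
  const url = new URL(ticketUrl);
  const fragment = new URLSearchParams(url.hash.replace(/^#/, ""));
  for (const [key, value] of Object.entries(params)) {
    fragment.set(key, String(value));
  }
  url.hash = fragment.toString();
  return url.toString();
}

// Page side: the fragment never reaches the server and can be edited by
// anyone who has the link, so accept only allow-listed values and fall back
// to the plain reset flow for everything else.
function readFragmentParams(hash) {
  const raw = new URLSearchParams(String(hash).replace(/^#/, ""));
  const app = raw.get("app");
  const flow = raw.get("flow");
  return {
    app: ALLOWED_APPS.has(app) ? app : null,
    flow: ALLOWED_FLOWS.has(flow) ? flow : "reset",
  };
}

// Constructed sample ticket URL (not a real tenant or ticket).
const sampleTicket =
  "https://tenant.example.com/u/reset-password?ticket=CONSTRUCTED_TICKET#";
const inviteLink = addFragmentParams(sampleTicket, { app: "AppName", flow: "invite" });
console.log(inviteLink);
console.log(readFragmentParams(new URL(inviteLink).hash));
console.log(readFragmentParams("#app=%3Cscript%3E&flow=admin"));
```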

Hi @rueben.tiow

I’m a bit confused, what is the flow for the user to receive the password-url?

/Hugo

Pinging @rueben.tiow in case this got lost over the weekend


Hi @hugo.sjoberg,

Thanks for following up!

If you require additional query parameters, calling the /api/v2/tickets/password-change endpoint will let you append them to the ticket URL. Then you can use an external mail service to send that email to the user.

The easier option, which you have mentioned, is to call the /dbconnections/change_password? endpoint instead. If you choose this option, Auth0 will handle sending the email for you. But you won’t be able to pass additional query parameters. One workaround to this may be to leverage user_metadata or app_metadata.

Please let me know if you have any questions.

Thanks,
Rueben
