Pre-password change hook or rule

Desired scenario: When a user is using Google as their auth provider and attempts to reset their password via the new universal login page we’d like to send them an email with something like “Please try logging in via Google…”. Currently they receive nothing which leads to them reaching out to our support team.

Is there any way to catch this scenario using rules, hooks or actions?

Thanks,
-Ivan

@konrad.sopala @dan.woda would love your eyes on this one if you can spare a sec! Thank you :pray:

Hi @jivinivan,

Welcome back!

We don’t currently have a pre-password change extensibility point. You can certainly create a feature request for this.

It’s possible that this could lead to a user enumeration attack, and that is why this is set up in a way that can be ambiguous for users.

Thanks for the response @dan.woda! I have added a feature request.

Re: user enumeration attack concern: The alert/message wouldn’t change on the client side. The hook/trigger would run the background. In this case it there shouldn’t be any concern for a user enumeration attack, right?

1 Like

Oh yes, I thought you were going to push the Please try logging in via Google… warning to the login page. I see now you want to email that to your user. Makes more sense :grinning_face_with_smiling_eyes:

Thanks for creating the feature request!

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.