I am still early. on my research here but I am a bit confounded by this finding:
Setup:
- auth0-react
- our GetUser script is implemented to always just
return null, null
for both error and user profile - univ login with classic universal, custom login page with lock.js.
case 1 (user never existed in auth0): Reset password from ui page. I get two emails. one asks to verify email, another is reset pwd. Expected?
Case 2 (user used to be in auth0 but manually deleted from auth0): reset password now sends no email, and we see log error ‘User not found’. This is probably because our GetUser script is implemented to always just return null, null
for both error and user profile
So when exactly does the GetUser script come into play? Does it only get called if auth0 user does not exist? If so how come the two cases above behave differently? Since user has been deleted in case 2 as well