Auth0 Home Blog Docs

Reset password, gets http 400

reset
reset-password

#1

I’m currently trying to add the reset password function in my Custom UI.
I’ve added;

      function passwordReset() {
        var email = document.getElementById('email').value;
        webAuth.changePassword({
          connection: 'Username-Password-Authentication',
          email: email
        }, function (err, resp) {
          if(err){
            console.log(err.message);
          }else{
            console.log(resp);
          }
        });
      }

It works fine to call the function and then get an email to the specified email address. The email works fine. But when I call the function it has a not so nice sideeffect which is that I automatically get redirected to a http 400. It looks like the url has forgotten the entire authorizeUrl so it no longer knows the client ID etc. It is trying to reach
https://xxx.eu.auth0.com/login?
How can I fix so the user will not be automatically redirected to a 400?


#2

I’m likely missing something so you should update your question with additional context. In particular, confirm if you get the 400 simply as the consequence of calling the method or if it’s related to following the link received in the email.

The changePassword should do a request to the associated endpoint, but not in any way cause a redirect. I tried this in a sample app, by doing this:

var options = { domain: "[domain]", clientID: "[client_id]" };
var webAuth = new auth0.WebAuth(options);

// ... later as a response to user click

webAuth.changePassword({
  connection: "[connection]",
  email: "[email]"
}, function (err, resp) { /* ... */ });

This worked as expected with the call being made with success without any redirects or navigation changes.


#3

It’s a consequence of calling the method changePassword.
Following the link in the email works fine.

It’s probably" the request to the associated endpoint" that’s gets broken is some way.
I tried with your code aswell and it was the same result.
The details says “invalid_request: missing client parameter” if it can be to any help.
And from what I can see the webAuth should have set the value of clientID.


#4

It’s a consequence of calling the method changePassword.
Following the link in the email works fine.

It’s probably" the request to the associated endpoint" that’s gets broken is some way.
I tried with your code aswell and it was the same result.
The details says “invalid_request: missing client parameter” if it can be to any help.
And from what I can see the webAuth should have set the value of clientID.


#5

Can you update your question with the exact code you use to create the webAuth instance used in the code snippet you already included?


#6

@jmangelo , here is the code use to create webAuth:

 var config = JSON.parse(
    decodeURIComponent(escape(window.atob('@@config@@')))
  );

var params = Object.assign({
    domain: config.auth0Domain,
    clientID: config.clientID,
    redirectUri: config.callbackURL,
    responseType: 'code'
  }, config.internalOptions);

  var webAuth = new auth0.WebAuth(params);

#7

@jmangelo , here is the code use to create webAuth:

 var config = JSON.parse(
    decodeURIComponent(escape(window.atob('@@config@@')))
  );

var params = Object.assign({
    domain: config.auth0Domain,
    clientID: config.clientID,
    redirectUri: config.callbackURL,
    responseType: 'code'
  }, config.internalOptions);

  var webAuth = new auth0.WebAuth(params);

#8

My initial test was doing this in the client application and from looking at your code you’re doing the call from within the hosted login page. However, I customized my HLP to have an action button that would perform the same call as you and I had no issues. The call to change password completed with an HTTP 200. I was trying to avoid it as it has some overhead, but you may need to capture an HAR and share it. Be sure to remove any sensitive information or include it in a password protected zip and share the password through sharelock.io to @auth0.com email domain.


#9