We are implementing a login scenario where our users will be able to login using their account no and password or their email address and password.
For the reset password scenario we are not sure if it possible for a user to provide their username (account number) instead of their email address.
Would it be possible to use the authentication api to achieve the above scenario ?
If we were to create an api that would that interface between our custom reset password page and the authentication api. When a user chooses to reset their password, the api would check if the user exists in the auth0 db and grab their email address and then invoke the authentication api.
Would that work and would there be any security concerns in doing the above?