Reset Password journey without using email

We are implementing a login scenario where our users will be able to login using their account no and password or their email address and password.

For the reset password scenario we are not sure if it possible for a user to provide their username (account number) instead of their email address.

Would it be possible to use the authentication api to achieve the above scenario ?

If we were to create an api that would that interface between our custom reset password page and the authentication api. When a user chooses to reset their password, the api would check if the user exists in the auth0 db and grab their email address and then invoke the authentication api.

Would that work and would there be any security concerns in doing the above?

Hey there!

Sorry for such delay in response! We’re doing our best in providing the best developer support experience out there, but sometimes the number of incoming questions is just too big for our bandwidth. Sorry for such inconvenience!

Do you still require further assistance from us?