Hi,
We have a connected application where we use Auth0 out of the box screens and flows (not using the SDK).
We want to allow users to click ‘forgotten password’ and instead of getting a reset URL, we want them to be shown a screen that accepts an OTP (should they have entered a valid username) and once entering the OTP, then allowed to set a new password.
Is this possible?
not with Auth0’s default “forgot password” flow. Out of the box, Auth0 only supports the email reset link. To do OTP-first reset, you’d need to build a custom flow using Auth0 Actions / custom pages and their Passwordless or Management API so it’s possible, but not with the standard hosted screens alone
Gotcha, thank you. Appreciate the response.
Hi @JFoxUK
Welcome to the Auth0 Community!
You are able to set within the Auth0 database’s settings to send an OTP instead of a verification email when clicking of “Forgot Password”. You will be able to find this under Authentication → Database → Select your Database → Attributes → Configure → OTP. Please note that this will change how the verification emails will be sent as well.
If you have any other questions, let me know!
Kind Regards,
Nik