[Rule] Force reset password with redirect

I would like to know how I can implement a rule “force reset password” redirecting the user to the Auth0 login page with a custom message.

I was trying some stuff, like:

  • Redirect to the login page
    I was redirecting to the login page with an Unauthorized error, but since Auth0 keeps the user session alive, it creates a “too_many_redirections” because as soon as the request hits the login page, it will automatically try a new login. It only destroys the session if the user accesses the logout app URL.

  • Redirect to the reset password token URL
    It just doesn’t work. When I used a redirect to this URL inside the rule, the state token in the query string somehow breaks the URL.

Hey @Elano,

Did you make it work? If not, let’s try and figure it out together. It’s a safe guess that you’ve already tinkered with the Password Reset page and figured out a way to customize it to display a message you want to your users.

Now, to the Rule in question. I’m not 100% positive, but Password Reset via Management API looks like a possible solution. When your rule determines that a user needs to change their password, you could fire a POST request, log them out, and redirect to the login page with a custom message. They will receive an email prompt to change their password.

Let me know if it was helpful!

Hi, I still didn’t make it work. To be honest, the task was paused hoping for some help from here.
So the problem with your suggestion is, how do I log the user out?
The only way I found to do this is using the logout URL.

Hey @Elano, thanks for the update. Have you tried calling the logout endpoint? It would give you the ability to redirect users with the returnTo parameter.

lul Sorry, I was so focused using this Home - Documentation,
that I really didn’t check directly in the Auth0 documentation.
I’ll make some tests and let you know if it worked.

Thanks a lot for that! Sure let us know if you have any other questions or require further assistance!

Hi,

Hey, this partially solved my problem, but I have one more question.
Is there any way that I can hit the logout URL inside the rule using some kind of request and do the logout?
Right now I’m doing this using the context redirect.

I’m sorry Elano but you are unable to accomplish that task with a rule. I’m sure you can build something out with custom logic though which may take some work/discovery.

Yes, I can do something else, it was just another option.
Thanks for all the help.

No worries! We’re here for you!
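
The flow the thread arrives at (trigger a password-reset email, then use the rule's context redirect to reach the logout endpoint with a returnTo URL), as an added example that is not Auth0's code or any poster's. The `force_password_reset` flag, the `msg` parameter, the tenant and return URLs, and the injected `sendReset` hook are assumptions; the flag is assumed to be cleared elsewhere once the password has changed.

```javascript
// Added example. TENANT and RETURN_TO are placeholders; RETURN_TO has to be
// listed in the application's Allowed Logout URLs or Auth0 rejects the returnTo.
const TENANT = 'example-tenant.auth0.com';
const RETURN_TO = 'https://app.example.com/login';

// Build the /v2/logout URL. The custom message is passed as a fixed code that
// the login page maps to its own text, so no free-form text is reflected.
function buildLogoutUrl(tenant, clientId, returnTo, messageCode) {
  const target = new URL(returnTo);
  target.searchParams.set('msg', messageCode); // 'msg' is a hypothetical name
  const logout = new URL(`https://${tenant}/v2/logout`);
  logout.searchParams.set('client_id', clientId);
  logout.searchParams.set('returnTo', target.toString()); // encoded as one value
  return logout.toString();
}

// Rule body. sendReset is injected so the example runs offline; in a tenant it
// would POST this payload to the password-change endpoint.
function forcePasswordReset(user, context, callback, sendReset = () => {}) {
  const meta = user.app_metadata || {};
  // Pass through when no reset is pending (force_password_reset is a
  // hypothetical flag) or when this run is the return leg of a redirect.
  if (!meta.force_password_reset || context.protocol === 'redirect-callback') {
    return callback(null, user, context);
  }
  sendReset({
    client_id: context.clientID,
    email: user.email,
    connection: context.connection,
  });
  // Ending the session at /v2/logout avoids the redirect loop described in
  // the first post, where the live session immediately re-triggers login.
  context.redirect = {
    url: buildLogoutUrl(TENANT, context.clientID, RETURN_TO,
      'password_reset_required'),
  };
  return callback(null, user, context);
}
```
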