Trying to change user's password - Auth0::BadRequest ({"error":"password is not allowed"})

I am trying to use the ruby library and change a users password. I am providing the email, and a new password.

Here’s the command
client.change_password(, PASSWORD)

This is the response I am getting:
Auth0::BadRequest ({“error”:“password is not allowed”})

I am trying to setup a user invitation system where a user gets invited to use my app, and in this invite process (handled by my app and AUTH0 API), the user can set their password and confirm their account.

Is there something I am doing wrong here, or a “right” way to do this?

Hi @jnarowski,

The password change endpoint triggers a password change email request. If you want to change a user’s password for them you must use the managment API user endpoints (update or create depending on the scenario).

Hope this helps,

I want to set the password for my users, not trigger a password reset email. How can I do this?

We are creating a user invite system, so the user will be setting the password on their side.

Is is an invite-only approach, where a user cannot signup himself without an invitation. Or is the invite system more of an idea to keep track of the referrer (while other users can also signup without such referral)?

If the latter, there are ways to handle the signup with the standard out-of-the-box Auth0 Login/Signup page and still being able to keep track of the referrer. Then there wouldn’t be a need for an embedded signup approach on your end.

(If it’s an invite-only concept, it’s a bit different.)

1 Like

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.