Auth0 Home Blog Docs

Update User Password


Hi all,

I’m currently using free subscription.

I’m using Update User API to allow my user to change their password. Once they did that, I can see a “Success Change Password” in Auth0 Log.
Unfortunately the user can’t login with neither their new password or old password.

The workaround would be I locate User by email from Auth0 User module then apply Change Password action.

I had no issue with my staging tenant but not production tenant

Please help.


Would you be able to share a sanitised API call you’re making to the /users endpoint?

  "date": "2019-01-09T11:21:29.725Z",
  "type": "scp",
  "description": "You can now login to the application with the new password.",
  "connection": "Username-Password-Authentication",
  "connection_id": "***",
  "client_id": "***",
  "client_name": "N/A",
  "ip": "",
  "user_agent": "unknown",
  "details": {
    "body": {
      "tenant": "*****",
      "client_id": "***",
      "user_id": "5c35c4631f9dc0764b73560d",
      "connection": "Username-Password-Authentication",
      "email": "*****",
      "newPassword": "*****",
      "verify": false
  "user_id": "auth0|*****",
  "user_name": "****",
  "strategy": "auth0",
  "strategy_type": "database",
  "log_id": "90020190109112129725770339721333597139713366941063184434"

Above is logs details and below is code:

    const response = await request.patch(`https://${auth.auth0.domain}/api/v2/users/${userId}`, 
{      headers: {        'content-type': 'application/json',        authorization: `Bearer ${tokenInfo.access_token}`,    
body: {        password,        
connection: 'Username-Password-Authentication',      },      json: true,    });

I able simulate the issue with staging tenant by perform getTokenInfo (/oauth/token) follow by update user password (/user/id) within a expressjs API call

The reason I do this is to allow user change their password by entering old password follow by new/confirm password.

Any idea why this happened

closed #6

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.