About Auth0 Change Password API Specifications

Tadashi Shigeoka ·  Sat, February 13, 2021

I’ll share what I researched about Auth0 Change Password API specifications.

Auth0

Background: Want to Send Password Reset Email via Auth0

To fulfill the requirement “Want to send password reset email via Auth0 API,” I used the Change Password API.

Change Password API Research Results

Gmail Alias Feature Not Supported

Email addresses using Gmail’s alias feature (addresses containing +) do not trigger email sending when making API requests.

API Response Message is Always the Same

Regardless of whether the email address exists in the Auth0 database or not, the Auth0 API response always returns the same message.

This appears to be a specification to prevent clients from knowing whether the email address is stored in the database based on the API response.

That’s all from wanting to understand Auth0’s password reset email API from the Gemba.