[Fixed] How to send password change email instead of verification email for a new user in Auth0

Issue

I am new to Auth0 and I am working on integrating the Auth0 with my NodeJS app. I have setup Auth0 with my NodeJS app and also I came to know how to create API in Auth0 and integrate with my App.

Now my doubt is whenever I add a new user under user management in Auth0, a verification email is sent to the user but instead of the verification email I want the user to get password change email is this possible to achieve ? When I cross checked most of the docs saying use management API or Authentication API or implements rules to achieve it but I am not sure how to implement it.

Since I am new to Auth0 is there a way for me to find step by step process to achieve it.

Solution

I have been working on a similar use case where I create the user using the Auth0 Management Client, then request a reset password email using the Auth0 Authentication Client. I have been following the "Send an Auth0 change password email using a customized email template" workflow described here. However, it lacks an implementation example:

import {
  AuthenticationClient,
  ManagementClient
} from "auth0";

const mc = new ManagementClient({
  domain: process.env.AUTH0_DOMAIN,
  clientId: process.env.AUTH0_CLIENT_ID,
  clientSecret: process.env.AUTH0_CLIENT_SECRET,
});

const ac = new AuthenticationClient({
  domain: process.env.AUTH0_DOMAIN,
  clientId: process.env.AUTH0_CLIENT_ID,
  clientSecret: process.env.AUTH0_CLIENT_SECRET,
});

(async function() {
  await mc.createUser({
    connection: "Username-Password-Authentication",
    email: "[email protected]",
    email_verified: false, // this is implicitly set to true when the user follows the reset password link in the email they receive, but should be false for now
    name: "New User",
    password: "A random placeholder conforming to your policy", // e.g. "npm install generate-password"
  });
  
  await ac.requestChangePasswordEmail({
    email: "[email protected]",
    connection: "Username-Password-Authentication",
  });
})()

Finally, should you require the email to be an invitation email, you can customise the Reset Password email template and Reset Password page in the Auth0 Management Console. Using the liquid syntax, you can check for user.email_verified == false to conditionally append an isInvitation=true parameter to the {{ url }} of the email and test for this parameter in the reset password page logic. In my case I use window.location.href.includes("isInvitation=true"). Check out:

• https://auth0.com/docs/auth0-email-services/customize-email-templates
• https://auth0.com/docs/auth0-email-services/customize-email-templates/use-liquid-syntax-in-email-templates
• https://auth0.com/docs/universal-login/customize-password-reset-page