This article explains how to generate a password reset link for a user without sending an email. This is useful for administrative scenarios where a user needs to be guided through a password reset in a custom workflow. The process involves using the Auth0 Management API to create a password change ticket.

• Auth0 Management API

• Password Resets

To generate a password reset link directly, an administrator can create a password change ticket using the Auth0 Management API. This process returns a unique URL that directs the user to a hosted password reset page.

1. Obtain a Management API Token: A token is required to authenticate with the Management API. This token must have the create:user_tickets scope.

2. Make a POST Request: Send a POST request to the /api/v2/tickets/password-change endpoint.

3. Provide the Request Body: The body of the request must include the user_id of the user for whom the ticket is being created. Other optional parameters can also be included:

   • result_url: A URL to which the user will be redirected after a successful password change.

   • ttl_sec: The time in seconds for which the link is valid. If not specified, the default is 432,000 seconds (5 days).

   • mark_email_as_verified: Set to true to mark the user's email as verified after a successful password change.

Example Request Body:

{
  "result_url": "http://www.example.com/login",
  "user_id": "auth0|xxxxxxxxxxxxxxxxxxxxxxxx",
  "ttl_sec": 86400
}

The API response will contain a ticket property with a URL. This URL is the password reset link that can be provided to the user.