This article explains why a log event is not created in the "Success Change Password" log event for a "Password Reset / Post Challenge" Action written in the onExecutePostChallenge hook after a successful password change.

• The corresponding "scp" event does not have an Action Details tab that shows the Action execution details.

• Password Reset 
• Post Challenge Actions

The "Password Reset / Post Challenge" trigger is meant to run when the user clicks on the password reset link in their email but BEFORE changing their password. Please see more details in the Password Reset Flow documentation. The console.log statements may not be seen in Action because of how Auth0 log events are captured. When a password change is performed, there are two log events that are relevant:

1. Success Change Password Request (this is when the email is sent out);
2. Success Change Password (this is when the password has already been reset).

What is not captured on the logs is when the user actually clicks on the link (i.e., the step between the password change request and the successful change password), so a console.log on the "Password Reset / Post Challenge" trigger would not normally be visible on the logs. 

Verify the Action is being triggered by following one of the two processes:

1. Go to Extensions > Real-time Webtask Logs and perform any necessary setup steps. After the extension has been set up, perform the password reset flow. Clicking on the password reset link on the email will trigger the console.log which will be visible on the Extension, but not the logs because the logs do not capture the real-time data for when the user clicks on the password reset link. 
2. Another way to verify this that is more visible to the user is to do a simple redirect on the Action. An example script might be:

  exports.onExecutePostChallenge = async (event, api) => {
    api.redirect.sendUserTo('https://google.com');
  };

For testing purposes, use an empty request body for "onContinuePostChallenge" below "onExecutePostChallenge" here. Verify that when the user clicks on the password reset link, they are redirected to Google, which will verify the Actions are running.