Post Change Password Flow

The Post Change Password Flow runs after a user resets or changes their password. You can use this flow to email the user after a password change or to notify another system that the user’s password has changed, so that other sessions not managed by Auth0 can be revoked.

Actions in this flow are non-blocking (asynchronous), which means the Auth0 pipeline will continue to run without waiting for the Action to finish its execution. Thus, the Action's outcome does not affect the Auth0 transaction.

Triggers

Post Change Password

The post-change-password trigger runs after a database connection user resets or changes their password.

Multiple Actions can be bound to this trigger, and the Actions will run in order. However, these Actions will be run asynchronously and will not block the password reset process.

Reference

Event object: Provides contextual information about the user and the connection on which the password was changed.

Common use cases

Invalidate the user’s session in another system

A post-change-password Action can be used to invalidate the user's session in another system:

const axios = require("axios");

/**
 * @param {Event} event - Details about user whose password was changed.
 */
exports.onExecutePostChangePassword = async (event) => {
  axios.post("https://my-api.exampleco.com/revoke-session", { params: { email: event.user.email }});
};

Was this helpful?

To use an npm library like axios, you must add the library to the Action as a dependency. To learn more, read the "Add a dependency" section in Write Your First Action.

Send an email after the user changes their password

const axios = require("axios");

exports.onExecutePostChangePassword = async (event) => {
  try {
    // https://sendgrid.api-docs.io/v3.0/mail-send
    axios.post('https://api.sendgrid.com/v3/mail/send',
      {
        personalizations: [{
          to: [{ email: event.user.email }]
        }],
        from: { email: 'admin@exampleco.com' },
        subject: 'Your password was changed',
        content: [{
          type: 'text/plain',
          value: 'The password for your ' + event.connection.name + ' account ' + event.user.email + ' was recently changed.'
        }]
      },
      {
        headers: {
          'Authorization': 'Bearer ' + event.secrets.SENDGRID_API_KEY
        },
      }
    });
  } catch (err) {
    console.log(`Error sending email to ${event.user.email}:`, err.message)
  }
};