Post Change Password Trigger

The Post Change Password trigger runs after a user resets or changes their password. You can use this trigger to email the user after a password change or to notify another system that the user’s password has changed, so that other sessions not managed by Auth0 can be revoked.

Diagram showing the Actions Post Change Password Flow.

Actions in this flow are non-blocking (asynchronous), which means the Auth0 pipeline will continue to run without waiting for the Action to finish its execution. Thus, the Action's outcome does not affect the Auth0 transaction.

Triggers

Post Change Password

The post-change-password trigger runs after a database connection user resets or changes their password.

Multiple Actions can be bound to this trigger, and the Actions will run in order. However, these Actions will be run asynchronously and will not block the password reset process.

Reference

  • Event object: Provides contextual information about the user and the connection on which the password was changed.

  • API object: Provides methods for changing the behavior of the flow.

Common use cases

Invalidate the user’s session in another system

A post-change-password Action can be used to invalidate the user's session in another system:

const axios = require("axios");

/**
 * @param {Event} event - Details about user whose password was changed.
 */
exports.onExecutePostChangePassword = async (event) => {
  axios.post("https://my-api.exampleco.com/revoke-session", { params: { email: event.user.email }});
};

Was this helpful?

/

Send an email after the user changes their password

const axios = require("axios");

exports.onExecutePostChangePassword = async (event) => {
  try {
    // https://sendgrid.api-docs.io/v3.0/mail-send
    axios.post('https://api.sendgrid.com/v3/mail/send',
      {
        personalizations: [{
          to: [{ email: event.user.email }]
        }],
        from: { email: 'admin@exampleco.com' },
        subject: 'Your password was changed',
        content: [{
          type: 'text/plain',
          value: 'The password for your ' + event.connection.name + ' account ' + event.user.email + ' was recently changed.'
        }]
      },
      {
        headers: {
          'Authorization': 'Bearer ' + event.secrets.SENDGRID_API_KEY
        },
      }
    );
  } catch (err) {
    console.log(`Error sending email to ${event.user.email}:`, err.message)
  }
};

Was this helpful?

/