Please add a way to allow for custom password reset pages and custom emails with 8base authorization.
Sending an Auth0 branded email to users when they want to reset password, doesn’t send the right message to my customers. I would like to send my own branded email that links to a custom reset password page on my own site. (not an Auth0 branded reset password page).
It’s great for getting up and running quickly but for an established business there needs to be a way to make things look and feel like the rest of the site to make for a good and most importantly trustworthy user experience.
When you send a user from 1 site to another to do things like signup/login/password reset. It tells the user the message that you are using a third party system to handle stuff for you. (while this is not inherintly bad and in the case of password management and payment systems can actually be a good thing for security savvy people) it makes an average consumer feel like the company might be “too cheap” to build a custom solution like they are used to from bigger trustworthy companies like e.g. their bank. (or it could give the message that it’s something that’s thrown together quick and not an established business)
Especially in fintech having trust with customer is a huge deal, and anything that puts that at risk is a problem.
My suggestion would be to just open it up in the form of built in GraphQL functions just like your “signupUserWithPassword”. Have one that gives you a unique token I can put as a query param in a link in my custom email. (this token is tied to the specific user that requested it)
Then another function to actually reset the user’s password which requires the token previously sent.
flow would be making a query to e.g. “getResetPasswordToken” and then “resetPasswordWithToken” with the variables { token, newPassword } (possibly user email or id if you want). The idea is the token can be sent to the user in a link using any email service like sendGrid, mailchimp etc.
Thanks for reading,
Mark