auth0 / go-auth0

Go SDK for the Auth0 Management API.
https://auth0.com
MIT License
141 stars 55 forks source link

ChangePassword method on SDK does not return the ticket #418

Closed TheManSpeaker closed 5 months ago

TheManSpeaker commented 5 months ago

Checklist

Describe the problem you'd like to have solved

I have a usecase where I want to be able to create a password change ticket and send that link in a custom email - specifically to implement a new-user invite flow described here: https://auth0.com/docs/customize/email/send-email-invitations-for-application-signup#create-password-change-tickets

To do this I need to be able to get the ticket url returned by the management API: https://auth0.com/docs/api/management/v2/tickets/post-password-change

However, the SDK method that wraps this endpoint does not actually return the URL, it only returns an error.

Describe the ideal solution

The SDK ChangePassword method returns the password reset ticket url (or a new method is added which does this).

Alternatives and current workarounds

The only alternative/workaround I have right now is to not use the SDK and just call the API directly with Go's http client instead.

Additional context

No response

developerkunal commented 5 months ago

Hi @TheManSpeaker,

I hope you're having a great day!

I've reviewed the issue, and it seems that you can easily access the password change ticket URL without needing to modify or add anything to the SDK. The ChangePassword method automatically updates the Ticket object with the ticket URL after it successfully creates the ticket.

Here's how it works: when you call the api.Ticket.ChangePassword method and pass in your Ticket object with the necessary parameters (like ResultURL, UserID, etc.), the Auth0 SDK handles the API call and updates the Ticket object internally with the URL where users can change their password.

To retrieve this URL, you simply need to access it from the Ticket object after calling the method. Here's a working example in Go:

// Initialize Auth0 Management API client
api, err := management.New(
    os.Getenv("AUTH0_DOMAIN"),
    management.WithClientCredentials(context.Background(), os.Getenv("AUTH0_CLIENT_ID"), os.Getenv("AUTH0_CLIENT_SECRET")),
    management.WithDebug(true),
)
if err != nil {
    log.Fatalf("failed to create Auth0 management client: %+v", err)
}

// Create a new user (example user creation code not shown for brevity)
// ...

// Prepare the password change ticket request
ticket := &management.Ticket{
    ResultURL:              auth0.String("https://example.com/change-password"),
    UserID:                 user.ID,
    TTLSec:                 auth0.Int(3600),  // Ticket TTL in seconds
    MarkEmailAsVerified:    auth0.Bool(false),
    IncludeEmailInRedirect: auth0.Bool(true),
}

// Call the ChangePassword method to generate the ticket
err = api.Ticket.ChangePassword(context.Background(), ticket)
if err != nil {
    log.Fatalf("failed to create password change ticket: %+v", err)
}

// The 'ticket' object now contains the ticket URL
ticketURL := ticket.GetTicket()
log.Printf("Password change ticket URL: %s", ticketURL)

In this example, after calling api.Ticket.ChangePassword, you can directly access ticket.GetTicket() to obtain the URL where users should be redirected to change their password.

This approach ensures that you can seamlessly integrate the password change flow in your application without needing to handle additional data structures or make extra SDK modifications.

Let me know if you have any further questions or if there's anything else you need assistance with!

TheManSpeaker commented 5 months ago

Ah this will work for me then. Might be worth calling out in the docs somewhere that it mutates the ticket since that wasn't obvious to me - but otherwise this solves the problem. Thanks!