FusionAuth
    • Home
    • Categories
    • Recent
    • Popular
    • Pricing
    • Contact us
    • Docs
    • Login

    What is the forgot password flow if the user doesn't exist

    Scheduled Pinned Locked Moved
    Q&A
    forgot password user
    2
    3
    3.1k
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • danD
      dan
      last edited by

      If an email that is not registered to a user in FusionAuth is posted to a Forget Password flow from the UI, what does FusionAuth do?

      --
      FusionAuth - Auth so modern you can download it.
      https://fusionauth.io

      1 Reply Last reply Reply Quote 0
      • danD
        dan
        last edited by

        There is no feedback to the user.

        Whether the account exists with that email or not, the default message indicates a message will be sent.

        If the user does not exist with that email, no email is sent.

        The reason to avoid returning an error is to limit the ability to enumerate the users in the system, generally considered a bad thing(TM).

        --
        FusionAuth - Auth so modern you can download it.
        https://fusionauth.io

        1 Reply Last reply Reply Quote 0
        • V
          vasanth.mahendran
          last edited by

          what about the password start event? will webhook receive a event for a user who does not exist in fusion auth?

          This will be good feature especially if slow migration is used for migrating users

          1 Reply Last reply Reply Quote 0
          • First post
            Last post