Navigation

    FusionAuth
    • Login
    • Search
    • Home
    • Categories
    • Recent
    • Popular
    • Pricing
    • Contact us
    • Docs

    What is the forgot password flow if the user doesn't exist

    Q&A
    forgot password user
    0
    2
    264
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • dan
      dan last edited by

      If an email that is not registered to a user in FusionAuth is posted to a Forget Password flow from the UI, what does FusionAuth do?

      --
      FusionAuth - Auth for devs, built by devs.
      https://fusionauth.io

      1 Reply Last reply Reply Quote 0
      • dan
        dan last edited by

        There is no feedback to the user.

        Whether the account exists with that email or not, the default message indicates a message will be sent.

        If the user does not exist with that email, no email is sent.

        The reason to avoid returning an error is to limit the ability to enumerate the users in the system, generally considered a bad thing(TM).

        --
        FusionAuth - Auth for devs, built by devs.
        https://fusionauth.io

        1 Reply Last reply Reply Quote 0
        • First post
          Last post