Back to Novu

Password Reset and Auth Alert Notifications

docs/guides/use-cases/password-reset-notifications.mdx

3.18.05.9 KB
Original Source

Send password reset and authentication alert notifications through Novu by triggering a workflow when your auth provider emits a security event. Novu delivers the reset link or alert via email, in-app, or SMS depending on your workflow configuration.

How do I send a password reset notification?

  1. Create a workflow (for example, password-reset) with an email step containing the reset link: {{payload.resetUrl}}.
  2. When your auth system generates a reset token, trigger the workflow with the subscriber's ID and payload.
<Tabs> <Tab title="Node.js"> ```typescript import { Novu } from '@novu/api';

const novu = new Novu({ secretKey: process.env.NOVU_SECRET_KEY });

await novu.trigger({ workflowId: 'password-reset', to: { subscriberId: user.id, email: user.email }, payload: { firstName: user.firstName, resetUrl: https://app.example.com/reset?token=${token}, expiresInMinutes: 30, }, });

  </Tab>
  <Tab title="Python">
```python
import os
import novu_py
from novu_py import Novu

with Novu(secret_key=os.getenv("NOVU_SECRET_KEY", "")) as novu:
    novu.trigger(trigger_event_request_dto=novu_py.TriggerEventRequestDto(
        workflow_id="password-reset",
        to={"subscriber_id": user.id, "email": user.email},
        payload={
            "firstName": user.first_name,
            "resetUrl": f"https://app.example.com/reset?token={token}",
            "expiresInMinutes": 30,
        },
    ))
</Tab> <Tab title="Go"> ```go import ( "context" "fmt" "os"
novugo "github.com/novuhq/novu-go"
"github.com/novuhq/novu-go/models/components"

)

s := novugo.New(novugo.WithSecurity(os.Getenv("NOVU_SECRET_KEY")))

_, err := s.Trigger(context.Background(), components.TriggerEventRequestDto{ WorkflowID: "password-reset", To: components.CreateToSubscriberPayloadDto(components.SubscriberPayloadDto{ SubscriberID: user.ID, Email: user.Email, }), Payload: map[string]any{ "firstName": user.FirstName, "resetUrl": fmt.Sprintf("https://app.example.com/reset?token=%s", token), "expiresInMinutes": 30, }, }, nil)

  </Tab>
  <Tab title="PHP">
```php
use novu;
use novu\Models\Components;

$sdk = novu\Novu::builder()
    ->setSecurity('<YOUR_SECRET_KEY_HERE>')
    ->build();

$sdk->trigger(
    triggerEventRequestDto: new Components\TriggerEventRequestDto(
        workflowId: 'password-reset',
        to: new Components\SubscriberPayloadDto(
            subscriberId: $user->id,
            email: $user->email,
        ),
        payload: [
            'firstName' => $user->firstName,
            'resetUrl' => "https://app.example.com/reset?token={$token}",
            'expiresInMinutes' => 30,
        ],
    ),
);
</Tab> <Tab title=".NET"> ```csharp using Novu; using Novu.Models.Components; using System.Collections.Generic;

var sdk = new NovuSDK(secretKey: "<YOUR_SECRET_KEY_HERE>");

await sdk.TriggerAsync(triggerEventRequestDto: new TriggerEventRequestDto() { WorkflowId = "password-reset", To = To.CreateSubscriberPayloadDto(new SubscriberPayloadDto() { SubscriberId = user.Id, Email = user.Email, }), Payload = new Dictionary<string, object>() { { "firstName", user.FirstName }, { "resetUrl", $"https://app.example.com/reset?token={token}" }, { "expiresInMinutes", 30 }, }, });

  </Tab>
  <Tab title="Java">
```java
import co.novu.Novu;
import co.novu.models.components.*;
import java.util.Map;

Novu novu = Novu.builder()
    .secretKey("<YOUR_SECRET_KEY_HERE>")
    .build();

novu.trigger()
    .body(TriggerEventRequestDto.builder()
        .workflowId("password-reset")
        .to(To2.of(SubscriberPayloadDto.builder()
            .subscriberId(user.getId())
            .email(user.getEmail())
            .build()))
        .payload(Map.ofEntries(
            Map.entry("firstName", user.getFirstName()),
            Map.entry("resetUrl", "https://app.example.com/reset?token=" + token),
            Map.entry("expiresInMinutes", 30)))
        .build())
    .call();
</Tab> <Tab title="cURL"> ```bash curl -X POST 'https://api.novu.co/v1/events/trigger' \ -H 'Content-Type: application/json' \ -H 'Authorization: ApiKey <NOVU_SECRET_KEY>' \ -d '{ "name": "password-reset", "to": { "subscriberId": "user_id", "email": "[email protected]" }, "payload": { "firstName": "Jane", "resetUrl": "https://app.example.com/reset?token=TOKEN", "expiresInMinutes": 30 } }' ``` </Tab> </Tabs>
  1. Optionally add an in-app step to notify the user that a reset email was sent.

How do I integrate with Auth0 or Clerk?

Use webhook guides to connect your auth provider to Novu:

Both patterns verify the webhook signature, map the auth event to a Novu workflow, and pass user details as the subscriber payload.

What should a password reset workflow include?

  • Email step with a clear subject, reset link, and expiration time
  • Throttle step (optional) to prevent abuse if the same subscriber triggers multiple resets
  • In-app step (optional) to confirm the request inside your application

Frequently asked questions

<AccordionGroup> <Accordion title="Should I store reset tokens in Novu?"> No. Generate and validate reset tokens in your auth system. Pass only the reset URL and metadata to Novu as workflow payload variables. </Accordion> <Accordion title="Can I send auth alerts through SMS?"> Yes. Add an SMS step to your workflow and ensure the subscriber has a phone number. Use SMS for high-priority alerts such as new device sign-in. </Accordion> </AccordionGroup>