On 10.2, when creating a drupal account and opt-in for notifying users, the user receive an e-mail for resetting his password.
In certain case the e-mail is probably considered as untrusty because when clicking on the link to /user/reset/id, it generates a access denied exception.
https://mysite/fr/user/reset/237||0||Path: /fr/user/reset/237. Symfony\Component\HttpKernel\Exception\AccessDeniedHttpException: in Drupal\user\Controller\UserController->getResetPassForm() (line 194 of /var/www/sites/mysite/drupal/web/core/modules/user/src/Controller/UserController.php).
if Copying and pasting the link from the same e-mail, there is no access exception.