diff --git a/server/src/infra/auth_service.rs b/server/src/infra/auth_service.rs
index e8f8c7e..ce7bc1b 100644
--- a/server/src/infra/auth_service.rs
+++ b/server/src/infra/auth_service.rs
@@ -677,7 +677,7 @@ pub(crate) fn check_if_token_is_valid<Backend>(
     })
 }
 
-pub fn configure_server<Backend>(cfg: &mut web::ServiceConfig)
+pub fn configure_server<Backend>(cfg: &mut web::ServiceConfig, enable_password_reset: bool)
 where
     Backend: TcpBackendHandler + LoginHandler + OpaqueHandler + BackendHandler + 'static,
 {
@@ -694,14 +694,6 @@ where
             web::resource("/simple/login").route(web::post().to(simple_login_handler::<Backend>)),
         )
         .service(web::resource("/refresh").route(web::get().to(get_refresh_handler::<Backend>)))
-        .service(
-            web::resource("/reset/step1/{user_id}")
-                .route(web::get().to(get_password_reset_step1_handler::<Backend>)),
-        )
-        .service(
-            web::resource("/reset/step2/{token}")
-                .route(web::get().to(get_password_reset_step2_handler::<Backend>)),
-        )
         .service(web::resource("/logout").route(web::get().to(get_logout_handler::<Backend>)))
         .service(
             web::scope("/opaque/register")
@@ -715,4 +707,14 @@ where
                         .route(web::post().to(opaque_register_finish_handler::<Backend>)),
                 ),
         );
+    if enable_password_reset {
+        cfg.service(
+            web::resource("/reset/step1/{user_id}")
+                .route(web::get().to(get_password_reset_step1_handler::<Backend>)),
+        )
+        .service(
+            web::resource("/reset/step2/{token}")
+                .route(web::get().to(get_password_reset_step2_handler::<Backend>)),
+        );
+    }
 }
diff --git a/server/src/infra/tcp_server.rs b/server/src/infra/tcp_server.rs
index 27a751e..c27846d 100644
--- a/server/src/infra/tcp_server.rs
+++ b/server/src/infra/tcp_server.rs
@@ -73,6 +73,7 @@ fn http_config<Backend>(
 ) where
     Backend: TcpBackendHandler + BackendHandler + LoginHandler + OpaqueHandler + Sync + 'static,
 {
+    let enable_password_reset = mail_options.enable_password_reset;
     cfg.app_data(web::Data::new(AppState::<Backend> {
         backend_handler,
         jwt_key: Hmac::new_varkey(jwt_secret.unsecure().as_bytes()).unwrap(),
@@ -81,7 +82,10 @@ fn http_config<Backend>(
         mail_options,
     }))
     .route("/health", web::get().to(|| HttpResponse::Ok().finish()))
-    .service(web::scope("/auth").configure(auth_service::configure_server::<Backend>))
+    .service(
+        web::scope("/auth")
+            .configure(|cfg| auth_service::configure_server::<Backend>(cfg, enable_password_reset)),
+    )
     // API endpoint.
     .service(
         web::scope("/api")