
Password Reset Feature

Overview

The Password Reset feature allows users to securely reset their forgotten passwords via email verification. It provides a secure flow for password recovery without requiring users to remember their current password.


Features

1. Password Reset Request

Reset Request Features:
- Request reset via email
- Email validation
- Reset link generation
- Secure token generation
- Reset link expiration

Request Process:
1. User clicks "Forgot Password"
2. Enters email address
3. System validates email
4. Reset link sent to email
5. User receives email with link

Link Features:
- Secure token-based link
- Time-limited validity
- Single-use token
- Redirects to reset page
- Token validation

Link Format:
- URL: /reset-password
- Token in session/auth state
- Secure token handling

3. Password Reset Page

Reset Page Features:
- Token validation
- New password input
- Password confirmation
- Password strength requirements
- Secure password update

Reset Process:
1. User clicks reset link
2. Token validated
3. Reset page displayed
4. User enters new password
5. Password confirmed
6. Password updated
7. User signed out
8. Redirected to login

4. Password Requirements

Requirements:
- Minimum 6 characters
- Recommended: mix of letters, numbers, symbols
- Password confirmation required
- Password validation

5. Security Features

Security:
- Secure token generation
- Token expiration
- Single-use tokens
- Session invalidation
- Secure password storage


Use Cases

Use Case 1: Request Password Reset

Scenario: User forgot password and wants to reset it.

Steps:
1. Go to Auth page
2. Click "Forgot Password"
3. Enter email address
4. Click "Send Reset Link"
5. Check email for reset link
6. Click reset link in email
7. Redirected to reset page

Expected Outcome: Reset link sent and accessible.

Use Case 2: Reset Password

Scenario: User received reset link and wants to set new password.

Steps:
1. Click reset link from email
2. Verify reset page loads
3. Enter new password
4. Confirm new password
5. Click "Reset Password"
6. Verify password updated
7. Redirected to login page
8. Login with new password

Expected Outcome: Password reset successfully.

Scenario: User tries to use expired or invalid reset link.

Steps:
1. Click expired reset link
2. Verify error message shown
3. Link marked as invalid
4. Redirected to login
5. Request new reset link

Expected Outcome: Invalid link handled gracefully.


API Integration

Request Password Reset

Endpoint: POST /auth/v1/recover

Request:

{
  "email": "user@example.com",
  "options": {
    "redirect_to": "https://app.example.com/reset-password"
  }
}

Response:

{
  "message": "Password recovery email sent"
}

Reset Password

Endpoint: POST /auth/v1/user

Request:

{
  "password": "newpassword123"
}

Note: Requires valid session from reset link.


Best Practices

1. Password Security
   - Use strong passwords
   - Don't reuse passwords
   - Change passwords regularly
   - Use password managers

2. Reset Link Handling
   - Use reset link promptly
   - Don't share reset links
   - Request new link if expired
   - Check email spam folder

3. Email Security
   - Use secure email account
   - Don't share reset emails
   - Verify email sender
   - Report suspicious emails

Troubleshooting

Reset Email Not Received

Issue: Password reset email not arriving

Solutions:
- Check spam folder
- Verify email address correct
- Wait a few minutes
- Request new reset link
- Check email server status

Issue: Reset link no longer valid

Solutions:
- Request new reset link
- Use link within expiration time
- Check link not already used
- Verify link copied correctly

Password Reset Failing

Issue: Cannot reset password

Solutions:
- Verify password meets requirements
- Check passwords match
- Verify reset link valid
- Try again after refresh
- Contact support if persists

Invalid Token Error

Issue: Token validation failing

Solutions:
- Request new reset link
- Verify link not expired
- Check link copied correctly
- Clear browser cache
- Try different browser



Last Updated: January 2025