Password Reset Feature
Overview
The Password Reset feature allows users to securely reset their forgotten passwords via email verification. It provides a secure flow for password recovery without requiring users to remember their current password.
Features
1. Password Reset Request
Reset Request Features:
- Request reset via email
- Email validation
- Reset link generation
- Secure token generation
- Reset link expiration
Request Process:
1. User clicks "Forgot Password"
2. Enters email address
3. System validates email
4. Reset link sent to email
5. User receives email with link
2. Password Reset Link
Link Features:
- Secure token-based link
- Time-limited validity
- Single-use token
- Redirects to reset page
- Token validation
Link Format:
- URL: /reset-password
- Token in session/auth state
- Secure token handling
3. Password Reset Page
Reset Page Features:
- Token validation
- New password input
- Password confirmation
- Password strength requirements
- Secure password update
Reset Process:
1. User clicks reset link
2. Token validated
3. Reset page displayed
4. User enters new password
5. Password confirmed
6. Password updated
7. User signed out
8. Redirected to login
4. Password Requirements
Requirements:
- Minimum 6 characters
- Recommended: mix of letters, numbers, symbols
- Password confirmation required
- Password validation
5. Security Features
Security:
- Secure token generation
- Token expiration
- Single-use tokens
- Session invalidation
- Secure password storage
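The token properties listed above (secure generation, expiration, single use, session invalidation), shown as a minimal Python sketch. This is an added example, not this product's implementation; the `ResetTokenStore` class, its method names, the in-memory dictionaries and the one-hour lifetime are assumptions.

```python
import hashlib
import secrets
import time

TOKEN_TTL_SECONDS = 3600  # assumed lifetime; the page does not state one


def token_digest(token):
    """Hash stored in place of the token, so a leaked table holds no usable links."""
    return hashlib.sha256(token.encode("utf-8")).hexdigest()


class ResetTokenStore:
    """In-memory stand-in for the tables a real service would use."""

    def __init__(self, clock=time.time):
        self._clock = clock   # injectable so expiry can be exercised in tests
        self._pending = {}    # sha256(token) -> (email, expires_at)
        self.sessions = {}    # email -> set of active session ids

    def issue(self, email):
        """Return a fresh token for the emailed link; store only its hash."""
        token = secrets.token_urlsafe(32)  # 32 bytes from the OS CSPRNG
        # A new request supersedes any older link for the same account.
        self._pending = {d: r for d, r in self._pending.items() if r[0] != email}
        self._pending[token_digest(token)] = (email, self._clock() + TOKEN_TTL_SECONDS)
        return token

    def check(self, token):
        """Validate without consuming (used when the reset page is displayed)."""
        record = self._pending.get(token_digest(token))
        if record is None or self._clock() >= record[1]:
            return None
        return record[0]

    def redeem(self, token):
        """Consume the token at password-update time; return the email or None."""
        # pop() removes the record before anything else happens, so a second
        # submission of the same link finds nothing. In a database this must be
        # one atomic DELETE ... RETURNING (or equivalent), not read-then-delete.
        record = self._pending.pop(token_digest(token), None)
        if record is None or self._clock() >= record[1]:
            return None
        email = record[0]
        self.sessions.pop(email, None)  # sign out every existing session
        return email
```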
Use Cases
Use Case 1: Request Password Reset
Scenario: User forgot password and wants to reset it.
Steps:
1. Go to Auth page
2. Click "Forgot Password"
3. Enter email address
4. Click "Send Reset Link"
5. Check email for reset link
6. Click reset link in email
7. Redirected to reset page
Expected Outcome: Reset link sent and accessible.
Use Case 2: Reset Password
Scenario: User received reset link and wants to set new password.
Steps:
1. Click reset link from email
2. Verify reset page loads
3. Enter new password
4. Confirm new password
5. Click "Reset Password"
6. Verify password updated
7. Redirected to login page
8. Login with new password
Expected Outcome: Password reset successfully.
Use Case 3: Invalid Reset Link
Scenario: User tries to use expired or invalid reset link.
Steps:
1. Click expired reset link
2. Verify error message shown
3. Link marked as invalid
4. Redirected to login
5. Request new reset link
Expected Outcome: Invalid link handled gracefully.
API Integration
Request Password Reset
Endpoint: POST /auth/v1/recover
Request:
{
  "email": "user@example.com",
  "options": {
    "redirect_to": "https://app.example.com/reset-password"
  }
}
Response:
Reset Password
Endpoint: POST /auth/v1/user
Request:
Note: Requires valid session from reset link.
Best Practices
- Password Security
  - Use strong passwords
  - Don't reuse passwords
  - Change passwords regularly
  - Use password managers
- Reset Link Handling
  - Use reset link promptly
  - Don't share reset links
  - Request new link if expired
  - Check email spam folder
- Email Security
  - Use secure email account
  - Don't share reset emails
  - Verify email sender
  - Report suspicious emails
Troubleshooting
Reset Email Not Received
Issue: Password reset email not arriving
Solutions:
- Check spam folder
- Verify email address correct
- Wait a few minutes
- Request new reset link
- Check email server status
Reset Link Expired
Issue: Reset link no longer valid
Solutions:
- Request new reset link
- Use link within expiration time
- Check link not already used
- Verify link copied correctly
Password Reset Failing
Issue: Cannot reset password
Solutions:
- Verify password meets requirements
- Check passwords match
- Verify reset link valid
- Try again after refresh
- Contact support if persists
Invalid Token Error
Issue: Token validation failing
Solutions:
- Request new reset link
- Verify link not expired
- Check link copied correctly
- Clear browser cache
- Try different browser
Related Documentation
Last Updated: January 2025