Open maxachis opened 1 week ago
Per @joshuagraber:
Problem 1
When I call /reset-token-validation with the reset PW token from the link I am emailed, I get the following response.
{"message":"Token is valid"}
But when I pass that token to /reset-password, I get the following error:
{"message": "Invalid token."}
So it looks like something is disjointed on the API side with validating that reset token. Maybe it's not getting stored in the user DB or something?
Problem 2
Also, the API suggests that the data should include email for /reset-password:
{ "email": "string", "password": "string", "token": "string" }
But this route is unauthenticated, so I have no way of knowing the user's email. Could we either encode this in the token or return it from the /reset-token-validation endpoint?
Requirements
sub body of:
{ "email": "example@example.com", "refresh_token": "dflkajkjkdjijfk" }
reset_token table
/reset-token-validation up to par with other endpoints in terms of code design.
Tests
/reset-password flow, to ensure all components work as expected with each other
Docs
Open questions
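The following sketch is an added example, not code from this issue or from the project. It shows one way to avoid both problems above: /reset-token-validation and /reset-password call the same lookup, and the server resolves the email from the token, so the client does not have to send it. The class name, the in-memory stand-in for the reset_token table, the 15-minute lifetime, and the success message for /reset-password are assumptions.

```python
import hashlib
import secrets
import time

RESET_TTL_SECONDS = 15 * 60  # assumed token lifetime


class ResetTokenStore:
    """In-memory stand-in for a reset_token table (hypothetical schema)."""

    def __init__(self):
        self._rows = {}  # sha256(token) -> (email, expires_at)

    @staticmethod
    def _digest(token):
        # Only a digest is stored, so a leaked table does not reveal usable tokens.
        return hashlib.sha256(token.encode()).hexdigest()

    def issue(self, email, now=None):
        now = time.time() if now is None else now
        token = secrets.token_urlsafe(32)
        self._rows[self._digest(token)] = (email, now + RESET_TTL_SECONDS)
        return token

    def lookup(self, token, now=None):
        """Single check shared by both endpoints; returns the email or None."""
        now = time.time() if now is None else now
        row = self._rows.get(self._digest(token))
        if row is None or row[1] < now:
            return None
        return row[0]

    def consume(self, token, now=None):
        """Same check as lookup(), then delete the row so the token is single-use."""
        email = self.lookup(token, now)
        if email is not None:
            del self._rows[self._digest(token)]
        return email


def validate_reset_token(store, token, now=None):
    if store.lookup(token, now) is None:
        return 400, {"message": "Invalid token."}
    return 200, {"message": "Token is valid"}


def reset_password(store, users, token, new_password, now=None):
    email = store.consume(token, now)  # email comes from the token, not the request
    if email is None:
        return 400, {"message": "Invalid token."}
    users[email] = new_password  # placeholder: real code stores a password hash
    return 200, {"message": "Password reset."}
```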