To allow a user to reset their PIN if they have forgotten it, add another state to handle it. In that state, allow them to either confirm that they want to reset or cancel the request.
Resetting the PIN can only occur when a user is already authenticated via a stored token, at which point the only authentication is the PIN. So a reset will log the user out completely -- the functionality is identical to the "loggingOut" functionality, with the only difference being the copy and error messages (hence why it has its own state + internal FSM event messages).
To allow a user to reset their PIN if they have forgotten it, add another state to handle it. In that state, allow them to either confirm that they want to reset or cancel the request.
Resetting the PIN can only occur when a user is already authenticated via a stored token, at which point the only authentication is the PIN. So a reset will log the user out completely -- the functionality is identical to the "loggingOut" functionality, with the only difference being the copy and error messages (hence why it has its own state + internal FSM event messages).