Password Reset
Most web applications provide a way for users to reset their forgotten passwords. Rather than forcing you to re-implement this by hand for every application you create, Apiato provides convenient services for sending password reset links and securely resetting passwords.
Configuration
All the configuration options for the password reset feature are located in the app/Containers/AppSection/Authorization/Configs/appSection-authentication configuration file.
Make sure that you have configured the MAIL_FROM_ADDRESS in your .env file.
Include your web app's password reset page URL, such as https://myapp.com/password/reset,
in the allowed-reset-password-urls array within the appSection-authentication configuration.
Routing
Requesting The Password Reset Link
To request a password reset link, call the /password/forgot endpoint with the user's email address.
Resetting The Password
To reset the user's password, call the /password/reset endpoint with the user's email address,
new password, and password reset token.
Process Flow
- Add your web app's password reset page URL, for example, https://myapp.com/password/reset, to the allowed-reset-password-urls array within the appSection-authentication configuration.
- Call the /password/forgot endpoint with a reset URL of your choice, which should correspond to one of the URLs in the allowed-reset-password-urls array. This endpoint will send the user an email containing a link like this:
  https://myapp.com/password/[email protected]&token=51f8d80182f3785648c9b9dc7162719d158fc418b3cca86c14963638ec83d663
- When the user clicks on that link, they will be directed to your front-end app's password reset page. From there, you can collect the user's new password and make a call to the /password/reset endpoint with all the required fields to complete the password reset.
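Why the allowlist matters, as an added example (not Apiato's own code): the reset URL sent to /password/forgot is accepted only on an exact match, so the token is only ever mailed inside a link to a page you control. The helper name, the email and token query keys, and the sample values are assumptions.

```php
<?php
declare(strict_types=1);

// Assumed shape of the allowed-reset-password-urls array from the config.
$allowedResetUrls = ['https://myapp.com/password/reset'];

/**
 * Hypothetical helper: returns the link to e-mail, or null when the requested
 * reset URL is not an exact, case-sensitive member of the allowlist.
 */
function buildResetLink(string $resetUrl, string $email, string $token, array $allowed): ?string
{
    // Strict exact match: no prefix, substring or host-only comparison, so a
    // URL that merely starts with an allowed entry is rejected.
    if (!in_array($resetUrl, $allowed, true)) {
        return null;
    }
    // http_build_query percent-encodes the values, so characters in the
    // address cannot add or override query parameters.
    return $resetUrl . '?' . http_build_query(['email' => $email, 'token' => $token]);
}

// Constructed sample values, not taken from a real account.
$email = 'user+test@example.com';
$token = bin2hex(random_bytes(32)); // 64 hex characters, same length as the token in the link above

// Constructed candidate reset URLs a client might submit.
$candidates = [
    'https://myapp.com/password/reset',             // listed: accepted
    'https://myapp.com/password/reset/',            // trailing slash: not listed
    'https://myapp.com.example.net/password/reset', // different host
    'http://myapp.com/password/reset',              // different scheme
    'https://myapp.com/password/reset?next=/home',  // extra query string: not listed
];

foreach ($candidates as $url) {
    $link = buildResetLink($url, $email, $token, $allowedResetUrls);
    printf("%-50s %s\n", $url, $link === null ? 'REJECTED' : 'OK');
}
```

Only the first candidate produces a link; every variant that is not byte-for-byte in the array is rejected before a token is attached to it.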