Hello, We are starting to have users unable to reset their passwords. We are using the "invite...
u
Hello, We are starting to have users unable to reset their passwords. We are using the "invite flow" described here: https://supertokens.com/docs/thirdpartyemailpassword/common-customizations/disable-sign-up/emailpassword-changes
On the screen you can see the password reset page. It is in French, but the text doesn't really matter; it is the classic reset form text, translated. The red text just informs the user that there was an error. When looking in the network tab of the dev console, we can see that the endpoint called by SuperTokens is incorrect and different from what it should be. Endpoint called by SuperTokens with that specific user:
/auth/Public%3E/user/password/reset
What is expected (and what we are calling when we try to reproduce):
/auth/user/passwordreset/
Any idea where this is coming from?
r
Hey @unemxr what’s the endpoint being called again? The screenshot is not very clear
u
For the user with the issue :
/auth/Public%3E/user/password/reset
I blurred our API address since it is private and this is a public discussion 🙂
r
I see.
What's the status code from the API call?
Which backend SDK are you using? And which version?
Finally, can I see an example reset password link?
u
Of course, sorry I forgot to provide this info initially! We are using SuperTokens in a NestJS application, with the following version:
"supertokens-node": "^15.1.0"
As you can see in the screenshot, the status code is 404. And here is an example of a password reset link:
/auth/reset-password?token=OWYwNDMzMzkyYjI0MGVmNmU2MTc3YzQ3ZjI1MTRkMDc1Y2Q4MDNiNjhlOTI2NDgyZmNmNzIwMjM0Nzc1OWRjYjgzMmZmZDBhM2QwNDNhODg0NWEzNGFlM2VjYzFkOTM1&rid=emailpassword&tenantId=public
That link was sent to me and was working correctly. I've reached out to the customer success team asking if it would be possible to get the link sent to the user, but I expect it should be the same.
r
thanks. What's strange is that the url being queried should be /auth/public/user/password/reset. But instead, it's using Public%3E for that user.
So this indicates that the user's password reset link had the tenantId as Public%3E instead of just public.
is this only happening for that one user?
u
No, we've had a 2nd occurrence today, that is why I am contacting you. We are not using the multitenant feature from SuperTokens, so as far as I know we didn't change anything on that side.
r
it would be very helpful if you could somehow get the password reset link. Since you have the screenshot of the user, is it also possible to see what the URL on the page was?
u
Here is the URL from the screenshot
r
yeaaa.. would need the value of the query param for tenantId here, which is not shown
u
I am looking in our logs to see if we logged it 🙂 If not, we'll have to wait for my coworker to contact the client.
r
sounds good
u
Here is the url the user got:
/auth/reset-password?token=ZTU4ZDUzYjJhMTU3ZWIyNmNkOWEwODY1MjllMjQ2Y2ViZmNhNTk0ZTgyMzA1ZTkyYzNiNmRhY2Q4NWI0YjM3NjVkNjRiNmZhMDIyZmEwN2ViNDZhYWJjMWY2ZmU3NWUx&rid=emailpassword&tenantId=public%3E
You were right, the tenantId seems incorrect. Any idea why?
r
hmm. Are you overriding the sendEmail function on the backend? Or sending a custom password reset email template? Or using your own SMTP service to send emails?
u
We are not overriding the sendEmail function, no, nor do we send a custom template or use SMTP for now. Here is the part we do override:
r
right. Are you using the invite flow? Where you generate the password reset link manually, or send it manually in your own APIs?
or is this happening when the user is going through the regular password reset flow?
u
This is our workflow to create a user. We are manually calling the endpoint with a REST client.
The EmailPassword is a SuperTokens recipe.
r
hmm this seems fine. One idea that comes to my head is that maybe the email client is changing the password reset link to add a %3e at the end of it?
that would be very strange.. but I don't see any issues here. Would it be possible to log the password reset links being generated somewhere by overriding the sendEmail function? You could log it without the password reset token in the link and see what you get
u
That would be possible, but before that I'll wait to hear back from my coworker to get the link that was sent to the user. If the link in the mail is correct then there is a problem with his browser (although it's Chrome with almost no extensions, from the screenshot). If the link is incorrect in the email as well then the problem should come from SuperTokens, no?
r
yup.
u
btw, I haven't said it yet: but thank you very VERY much for your support. It is pure gold ❤️
r
happy to help 🙂
u
I'll come back to you as soon as I either have the URL from the email, or we have decided to go ahead and log the reset url. See you then!
r
sounds good!
And what’s the status code you are getting from the api call?
Also, which backend SDK are you using?
And can I see an example reset password link?
u
Well, I actually need your help to override the sendEmail function :/. Sorry to bother you again. Here is what I'm trying:
u
perfect, thanks.
Hello. I've received the reset password email that was sent to the user. The URL is correctly formatted. As we've said, if that's the case, this is very likely not an issue with SuperTokens. Do you have any idea what could be causing the issue?
r
when you click on the url in the email, does it open it with the correct url on the browser?
cause if it does, then it's an issue with that user's email client i guess
u
Yes, the URL is correct when I'm the one clicking on it. Any advice on how to proceed? What to try?
r
Not quite sure why this would be happening. However, you could use our pre API hook to check if the url contains this type of issue and then fix it before the request is made: https://supertokens.com/docs/emailpassword/advanced-customizations/frontend-hooks/pre-api