Hey guys !
Is there a way to validate the reset-password token (/auth/user/password/reset) without actually resetting the password
We'd like to display a reset password form only if the token is valid
r
rp
11/10/2022, 4:36 PM
hey @ulys this is interesting..
so you could override the createPasswordResetToken recipe function on the backend to call the original implementation first, which would return a token.
Then you save the token in your db before returning it from the function
Then you can make an API on your backend which takes in a password reset token and checks if it exists in your db. If it does, it's valid.
Finally, you want to remove that password reset token from your db after a certain amount of time, or if it's successfully consumed