Customising the reset password email

The default email

• From: [email protected], but the user will see your app name
• Subject: Reset password instructions

This is achieved by calling an API provided by us (https://api.supertokens.com). The backend SDK calls our API with the password reset link, app name and the email of the end user.

security

• We do not log / store any of this information in our servers.
• For production use, we recommend that you use the feature to send emails yourself, using your own domain. This will make it easier for end users to trust the email (since it's coming from your domain, and not from @supertokens.com)

Send a custom email

You can take full control of sending a password reset email by providing the createAndSendCustomEmail function during the init function call:

NodeJS

import supertokens from "supertokens-node";import EmailPassword from "supertokens-node/recipe/emailpassword";import Session from "supertokens-node/recipe/session";
supertokens.init({    supertokens: {         connectionURI: "...",     },    appInfo: {        apiDomain: "...",        appName: "...",        websiteDomain: "..."    },    recipeList: [        EmailPassword.init({            resetPasswordUsingTokenFeature: {                createAndSendCustomEmail: async (user, passwordResetURLWithToken) => {                    let {id, email} = user;                    // TODO:                }            }        }),        Session.init()    ]});

GoLang

import (        "github.com/supertokens/supertokens-golang/recipe/emailpassword"    "github.com/supertokens/supertokens-golang/recipe/emailpassword/epmodels"    "github.com/supertokens/supertokens-golang/supertokens")
func main() {    supertokens.Init(supertokens.TypeInput{        RecipeList: []supertokens.Recipe{            emailpassword.Init(&epmodels.TypeInput{                ResetPasswordUsingTokenFeature: &epmodels.TypeInputResetPasswordUsingTokenFeature{                    CreateAndSendCustomEmail: func(user epmodels.User, passwordResetURLWithToken string, userContext supertokens.UserContext) {                        // TODO: Send custom email                    },                },            }),        },    })}

Python

from supertokens_python import init, InputAppInfofrom supertokens_python.recipe.emailpassword.types import Userfrom supertokens_python.recipe import emailpasswordfrom typing import Dict, Any
async def create_and_send_custom_email (user: User, password_reset_url_with_token: str, user_context: Dict[str, Any]):    pass # TODO: Send custom email
init(    app_info=InputAppInfo(api_domain="...", app_name="...", website_domain="..."),    framework='...',     recipe_list=[        emailpassword.init(            reset_password_using_token_feature=emailpassword.InputResetPasswordUsingTokenFeature(                create_and_send_custom_email=create_and_send_custom_email            )        )    ])

• You can get the user's email via the user input param.
• Your email must direct the user to open the passwordResetURLWithToken link. This link is a full URL, with the password reset token. It points to the password reset page on your website (/auth/reset-password by default).
• Any errors thrown from this function will be ignored.
• The function will be called each time the user clicks on the button to send a password reset email.

important

When using this callback, you must manage sending the email yourself.