Password Reset
The reset password flow has two forms:
- Enter email form
- Enter new password form
Enter email form
This is shown when the user clicks on the "Forgot password" button in the sign in form. You can view it by visiting the /${websiteBasePath}/reset-password path of your website (default is /auth/reset-password).
Once the user enters their email and clicks on the "Email me" button, SuperTokens will send them an email only if that email is associated with an account. Regardless, the user will always see a success state.
Enter new password form
This form is shown when the user clicks on the password reset link sent to their email. To view this form, you can navigate to the /${websiteBasePath}/reset-password?token=test path of your website (default is /auth/reset-password?token=test).
Notice that the URL path is the same as that of the enter email form; however, there is an extra query param, token, which tells SuperTokens to show the enter new password form. If you try to submit a new password with the test token value, it will fail since it's not a valid password reset token.
If the reset token has expired or is invalid, the user will see an error message.
Once the user has successfully changed their password, they see a success screen.
For the multi-tenant use case, the password reset link will also have a tenantId query param, which is used to identify the tenant for which the password reset token was generated.
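A minimal sketch of the flow described above, added here as an example and not taken from SuperTokens' code: the enter email step reports success whether or not an account exists, the token query param selects the form, and an invalid, expired, reused or wrong-tenant token is rejected. The function names, status strings, default tenant value, one-hour token lifetime and injected callbacks are assumptions made for illustration.

```javascript
// Added illustration, not SuperTokens source. Names, status strings, the
// default tenant and the token lifetime are assumptions made for this sketch.
const { randomBytes, createHash } = require("node:crypto");

const TOKEN_TTL_MS = 60 * 60 * 1000; // assumed; the page states no lifetime
const sha256 = (s) => createHash("sha256").update(s).digest("hex");

// accountExists, sendEmail and setPassword are hypothetical injected callbacks.
function createResetService({ accountExists, sendEmail, setPassword, now = Date.now }) {
  const pending = new Map(); // sha256(token) -> { email, tenantId, expiresAt }

  // Enter email form: the caller gets the same result for known and unknown
  // emails, so the response cannot be used to test which accounts exist.
  function requestReset(email, tenantId = "public") {
    if (accountExists(email, tenantId)) {
      const token = randomBytes(32).toString("hex");
      pending.set(sha256(token), { email, tenantId, expiresAt: now() + TOKEN_TTL_MS });
      const query = new URLSearchParams({ token, tenantId });
      sendEmail(email, `/auth/reset-password?${query}`);
    }
    return { status: "OK" };
  }

  // Enter new password form: unknown, expired, reused and wrong-tenant tokens
  // all produce one generic error.
  function submitNewPassword(token, tenantId, newPassword) {
    const key = sha256(String(token));
    const entry = pending.get(key);
    pending.delete(key); // a token is usable once
    if (!entry || entry.tenantId !== tenantId || entry.expiresAt < now()) {
      return { status: "INVALID_OR_EXPIRED_TOKEN" };
    }
    setPassword(entry.email, entry.tenantId, newPassword);
    return { status: "OK" };
  }

  return { requestReset, submitNewPassword };
}

// Both forms share one path; the token query param selects which one renders.
function chooseForm(url) {
  const query = new URL(url, "https://example.invalid").searchParams;
  if (!query.has("token")) return { form: "enter-email" };
  return { form: "enter-new-password", token: query.get("token"), tenantId: query.get("tenantId") };
}
```

Only the hash of each token is kept server-side, so a read of the pending store does not yield usable reset links.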
General error UI
If there are network-related errors, or the backend sends a status code >= 300, then we show a general error UI.
Password reset email UI
The default email we send for password reset is sent via our backend SDK, which calls https://api.supertokens.com (our API infrastructure). See the links at the end of this page to change the email content or delivery method.