How does Stormpath Password Reset work?

Stormpath password reset is based on a secure, industry-standard email workflow. It works like this:

  1. User requests a password reset in your application
  2. Your application makes a call to Stormpath to trigger a password reset email
  3. Stormpath sends the user a customizable email that contains a password reset link. Embedded in this link is a limited-life token (generated by Stormpath)
  4. User clicks the link and your application consumes the embedded token to verify it against Stormpath
  5. Once the token has been verified, your application displays a page containing a password entry form to the user
  6. Your application makes a call to Stormpath with the user’s new password
  7. (Optional) Stormpath sends a success email to the user
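
The token lifecycle in steps 2 to 6, modeled as an added example that is not Stormpath's code or SDK. ResetService, its method names, the one-hour lifetime, the app.example link and the choice that verification alone does not consume the token are all assumptions made for illustration.

```python
import hashlib
import secrets
import time

TOKEN_TTL_SECONDS = 3600  # assumed lifetime; the page only says "limited-life"


class ResetService:
    """Hypothetical in-memory stand-in for the service side of steps 2-6."""

    def __init__(self, now=time.time):
        self._now = now       # injectable clock so expiry can be exercised
        self._pending = {}    # sha256(token) -> (email, expires_at); raw token is never stored
        self.passwords = {}   # email -> (salt, PBKDF2 hash of the new password)

    @staticmethod
    def _digest(token):
        return hashlib.sha256(token.encode()).hexdigest()

    def send_reset_email(self, email):
        """Steps 2-3: mint a random token and return the link that would be emailed."""
        token = secrets.token_urlsafe(32)
        self._pending[self._digest(token)] = (email, self._now() + TOKEN_TTL_SECONDS)
        return "https://app.example/reset?token=" + token  # constructed sample URL

    def verify_token(self, token):
        """Step 4: return the account email if the token is known and unexpired."""
        key = self._digest(token)
        entry = self._pending.get(key)
        if entry is None:
            return None
        email, expires_at = entry
        if self._now() >= expires_at:
            del self._pending[key]  # expired tokens are purged on sight
            return None
        return email

    def reset_password(self, token, new_password):
        """Step 6: re-verify, burn the token (single use), store the new password hash."""
        email = self.verify_token(token)
        if email is None:
            return False
        del self._pending[self._digest(token)]
        salt = secrets.token_bytes(16)
        self.passwords[email] = (salt, hashlib.pbkdf2_hmac("sha256", new_password.encode(), salt, 600_000))
        return True
```

The token is checked again in step 6 rather than trusting the earlier check in step 4, so a link that expires while the password form is open is rejected.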

This workflow is automated in our SDKs and can be customized with your own branding to ensure a consistent experience for your users. For detailed documentation:

REST API Password Reset Implementation Docs
Java SDK Password Reset Implementation Docs
Node.js SDK Password Reset Implementation Docs
Python SDK Password Reset Implementation Docs
Ruby SDK Password Reset Implementation Docs
PHP SDK Password Reset Implementation Docs
