
Early Validation of Password Reset Tokens?

  • 0
  • Web
Mr. Sassy Pants
31 Jul, 2025, 22:10

Hey there,

I'm dealing with an issue with the password reset flow and wondering how you handle this.

Right now, when someone clicks an expired/already-used reset link, I still show them the "enter new password" form. They don't find out it's broken until after they fill it out and click the update button, which is not so good.

I can check the expire timestamp client-side to catch expired links easily. But how can I validate the actual secret token before they waste time filling out the form?

Is there a clean way to verify the userId and secret from the reset URL when the page loads, before they even see the form? Like a validation-only endpoint or something? Or is the standard approach just to validate everything when they submit account.updateRecovery()?

TL;DR
Developers are seeking a way to perform early validation of password reset tokens before users fill out the reset form. They want to know if there is a method to check the `userId` and `secret` from the reset URL when the page loads to prevent users from wasting time. One solution could be implementing a validation-only endpoint for this purpose.
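
A sketch of the validation-only check mentioned above, added here as an example and not taken from the thread or from Appwrite's API. It assumes a reset-token table you manage yourself on the server; the in-memory `tokens` map and the names `issueToken`, `precheckResetLink` and `consumeResetToken` are hypothetical.

```javascript
const crypto = require('node:crypto');

// Only a hash of the secret is stored, so a leaked table does not yield usable links.
const sha256 = (s) => crypto.createHash('sha256').update(String(s), 'utf8').digest();

// Constructed in-memory stand-in for a server-side token table (hypothetical schema):
// userId -> { secretHash: Buffer, expiresAt: ms, usedAt: ms | null }
const tokens = new Map();

function issueToken(userId, ttlMs, now = Date.now()) {
  const secret = crypto.randomBytes(32).toString('hex');
  tokens.set(userId, { secretHash: sha256(secret), expiresAt: now + ttlMs, usedAt: null });
  return secret; // goes into the emailed link together with userId
}

// Read-only check shared by both endpoints. It never modifies the record.
function isTokenLive(userId, secret, now = Date.now()) {
  const rec = tokens.get(userId);
  // Unknown user: compare against a dummy hash so both paths do the same work.
  const expected = rec ? rec.secretHash : Buffer.alloc(32);
  const match = crypto.timingSafeEqual(sha256(secret), expected);
  return Boolean(rec) && match && rec.usedAt === null && now < rec.expiresAt;
}

// Page-load pre-check: returns a single boolean and does not consume the token.
// It gives no hint whether the link was expired, already used, or for an unknown user.
function precheckResetLink(userId, secret, now = Date.now()) {
  return { valid: isTokenLive(userId, secret, now) };
}

// Called by the submit handler before the password is changed. This is the
// authoritative check: it re-validates and marks the token as used (single use).
function consumeResetToken(userId, secret, now = Date.now()) {
  if (!isTokenLive(userId, secret, now)) return false;
  tokens.get(userId).usedAt = now;
  return true;
}
```

The pre-check answers whether a guessed secret is correct, so it needs the same rate limiting as the submit endpoint. The submit handler still has to validate again, because the token can expire or be used between page load and submit.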