Add ability to reset password for username / password authentication #5
Both HTML form-based flow and API-based flow.
Desired reset flow:
On the login page, there should be a “Forgot your password?” link
When a user gets to the password reset page (
After the user has entered their email address, send them an email with a link to the password reset page on your site. This link should contain a unique password reset token that expires after a configurable amount of time and on first use.
After submitting the password reset form, display a success page (
After the user clicks the link in their email, they should be brought to a page on your site that prompts them to enter a new password. Validate the token before the page is displayed and show an error message if it's incorrect. (
After submitting their new password, change their password in the database and mark the token as used, so it can't be re-used. Email the user letting them know that their password has been reset.
Redirect to a new page that informs them that their password has been changed and they have been logged in.
Send the user an email once their password has been changed letting them know what happened.
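
One way to implement the token handling in the flow above, as an added example that is not part of the original issue or the project's code. The class name `ResetTokenStore`, its method names, the in-memory dict standing in for a database table, and the choice to store only a SHA-256 hash of the token are all assumptions of this example.

```python
import hashlib
import secrets
import time


class ResetTokenStore:
    """In-memory stand-in (hypothetical) for a password-reset token table."""

    def __init__(self, ttl_seconds=3600, clock=time.time):
        self.ttl_seconds = ttl_seconds  # configurable token lifetime
        self._clock = clock             # injectable so expiry can be tested
        self._rows = {}                 # sha256(token) -> row

    @staticmethod
    def _digest(token):
        return hashlib.sha256(token.encode("utf-8")).hexdigest()

    def issue(self, user_id):
        """Create the token for the emailed link; only its hash is stored."""
        token = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
        self._rows[self._digest(token)] = {
            "user_id": user_id,
            "expires_at": self._clock() + self.ttl_seconds,
            "used": False,
        }
        return token

    def validate(self, token):
        """Check before showing the new-password form; does not consume."""
        row = self._rows.get(self._digest(token))
        if row is None or row["used"] or self._clock() >= row["expires_at"]:
            return None  # unknown, already used, or expired
        return row["user_id"]

    def consume(self, token):
        """Re-validate on password submit and mark the token as used."""
        user_id = self.validate(token)
        if user_id is not None:
            self._rows[self._digest(token)]["used"] = True
        return user_id
```

`validate` backs the page that displays the new-password form, and `consume` backs the form submission, so a token checked when the page loads is checked again and retired at the moment the password is changed.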