Password reset for mobile apps #594
Comments
Additional information on mobile development: Opening an app directly from a link requires setting up what are called universal deep links in mobile. It essentially tells the mobile OS that this URL should not be opened by a web browser, but by this downloaded app instead. However, this needs to be set up beforehand with validating ownership by hosting certain files on the backend by both Apple and Android. Even if we go down that route, and set it up so that the https://.nhost.io is opened by the app, we are back at the issue that then this URL doesn't hit the nhost backend but actually the mobile app - so the app needs to somehow manage this URL by logging the user in (which right now would probably mean parsing out the refreshToken, calling nhost.auth.refreshSession(refresh token) and then setting the new password). But then a more robust solution would actually be to just pass the refresh token directly into the email template and let us set up the right URL to avoid having to do the universal deep link setup for the nhost domain |
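The in-app handling described in the comment above (parse the refreshToken out of the link, call refreshSession, then set the new password), as an added example that is not code from this thread or from Nhost. It treats the incoming link as untrusted input; the `reset-password` route, the `type` parameter, the UUID token format and the shape of the injected `auth` object are assumptions.

```javascript
// Added example: validate a password-reset deep link before using its token.
// Assumptions (not from the thread): the "reset-password" route, the "type"
// query parameter, and refresh tokens being UUIDs.
const ALLOWED_SCHEME = "yumee:";      // app scheme mentioned in the thread
const RESET_ROUTE = "reset-password"; // hypothetical route inside the app
const UUID_RE = /^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/i;

function parseResetLink(rawUrl) {
  let url;
  try {
    url = new URL(rawUrl);
  } catch {
    return null; // not a URL at all
  }
  // Only the app's own scheme and the one route that handles resets.
  if (url.protocol !== ALLOWED_SCHEME || url.hostname !== RESET_ROUTE) return null;
  // Exactly one token, in the expected format; duplicates are rejected.
  const tokens = url.searchParams.getAll("refreshToken");
  if (tokens.length !== 1 || !UUID_RE.test(tokens[0])) return null;
  if (url.searchParams.get("type") !== "passwordReset") return null;
  return { refreshToken: tokens[0] };
}

// `auth` is any object exposing refreshSession(token) and
// changePassword({ newPassword }), e.g. nhost.auth; the result shapes
// ({ session, error } and { error }) are assumed here.
async function completePasswordReset(auth, rawUrl, newPassword) {
  const link = parseResetLink(rawUrl);
  if (!link) return { ok: false, reason: "rejected-link" };
  const { session, error } = await auth.refreshSession(link.refreshToken);
  if (error || !session) return { ok: false, reason: "refresh-failed" };
  const result = await auth.changePassword({ newPassword });
  if (result && result.error) return { ok: false, reason: "change-failed" };
  return { ok: true };
}
```

The token never appears in a log line or in the returned error, and a rejected link makes no network call at all.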
@Svarto Has there been any news or progress that you know of on this ticket from Nhost? Or have you succeeded in making progress yourself? |
Was wondering if this work was part of a solution you'd been working on: #679 |
For example, even in a React Native mobile app I could see using the work in #679 to follow the web version of the flow instead of trying to deal with deep links and just asking the user to flip back to the app. E.g.
If devs add Linking support to the app, then improvements could be (if in Safari):
Wondering about your thoughts - or a nudge towards how to do all in-app. Thanks! |
Hmm. Having stepped through doing a resetPassword() and watching the user's ticket get recorded in the |
I see now that there's also a PR nhost/hasura-auth#186 from earlier which must be part of this. Looking.... It's a bit too bad that ReactNative doesn't have more up to date samples at this point. Will try to contribute. |
Hmm. Reading through the PR for 186 it looks like it's all there to use the ticket though I'm not seeing it on the link's URL args - is it coming from server on headers? If so, the app doesn't do header :-) how does it get onto deep link? And I also see yumee deep links mentioned but no example in the docs on how to correctly configure the NHost project with the slug etc. |
Hi @pkreipke, this is an old issue I left up but I got it working with the password reset flow for myself with the two PRs you linked. The flow goes:
This issue is not necessary any more for handling password reset flow in app. Hope the above helps, can share some code snippets too if that would help |
Very interesting, thanks! I think I might have more questions but here are a few initial ones about the specific points above: Point 1) I think you're using
|
One more: what values do you have in the "Allowed Redirect URLs" field in the Nhost dashboard? Do you include your website and the deep link? I imagine it's something like "https://www.yumee.com,yumee://" |
Any update / movement on this topic? |
Yes, exactly, I put in yumee:// or whatever deep link URL you have that opens your app |
With the two PRs, is there anything missing here for mobile password reset? I realized I haven't closed this one, so will do it now if you don't have anything that you feel is missing |
@Svarto Just this question?
|
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions. |
TLDR: Please expose a refreshToken as a dynamic variable in the email templates so mobile apps can build their own deep links and log in the user (using refreshSession) to handle password resets.
Unlike Nhost v1, the current password reset setup in Nhost v2 is not set up to work on mobile-only apps according to the UX that mobile users are used to.
So, in a normal password reset scenario on mobile you want something like this:
The issue with the current setup is between step 2 and 3, to navigate the user back into the mobile app when they click on the magic link. Preferably, when clicking on a link it takes you straight back to the app and the app handles password reset.
With the current setup, the magic link needs to actually hit the nhost backend so that the password is reset and I assume something is returned to the front end SDK to know the user is logged in.
On mobile that would mean the user clicks the link, gets redirected to the web browser and then suddenly goes back into the app - for one, it is a super weird experience, but it is also not trivial to set up, as the redirectTo URL would need to include some refresh token to log in the mobile user in the mobile application and detect that the password needs to be changed (i.e. tell the nhost-js SDK that the user is logged in and the app needs to detect this is a password change event).