Self-Hosting the Forgot Password form
If you intend to self-host the Reset Password Page and utilize Wristband APIs to facilitate the Password Reset Workflow, it is necessary to override the Action Link URL for the Password Reset Email Policy in the Wristband Dashboard for your application. The URL value should point to the location of your application's self-hosted Reset Password Page.
Login Required
At a high level:
- The user clicks on the Action Link in the Password Reset Email that was sent to their inbox.
- The user is redirected to your application's self-hosted Reset Password Page.
- The user enters their new password and submits the form.
- Your application calls the Wristband Password Reset API, passing along the Email Authorization Code.
- A message is displayed to the user indicating success along with a link to your application's Login Endpoint.
At this point, the workflow is complete, and the user can attempt to login to the application.
Immediate Login Enabled
At a high level:
- The user clicks on the Action Link in the Password Reset Email that was sent to their inbox.
- The user is redirected to your application's self-hosted Reset Password Page.
- The user enters their new password and submits the form.
- Your application calls the Wristband Password Reset API, passing along the Email Authorization Code.
- Your application then redirects the user to the Wristband Create Auth Session for Password Reset API in order to create a Wristband Authentication Session for the user. The redirect URL is returned in the response from the prior step as well as an Auth Session Code that is required to successfully create the session.
- Wristband redirects the user to the Login Endpoint implemented by your application.
From here, the user would be sent through the Authorization Code Flow in order to login and gain entry to the application. Because Wristband already created an Authentication Session for the user during the flow, the user gains immediate entry into the application without having to re-enter their credentials.
Updated about 2 months ago