Password resets

Available on the following plans

FreeBasicPremiumUltimateEnterprise

About Password Resets

Password reset allows your end users to regain access to their accounts by creating a new password if they have forgotten or lost their current one. Password reset is included by default for user accounts that use a password to log in.

When a user or admin requests a password reset, Userfront sends an email or webhook with a single-use link that a user can click on to reset their password.

See also: Passwords

A password reset email

Password Reset Requirements

Userfront’s password reset links can only be used once each.

By default, password reset links expire after 1 hour, but can be made to expire between 10 seconds and 1 month.

Attribute
Setting
Expiration
1 hour (default)
Reusable
No

Password Reset Handling

Email links

By default, Userfront emails a password reset link directly to the user requesting the link. No configuration is required to have Userfront send email links on your behalf.

Each password reset link contains an identifier and a token, both of which are submitted during the password reset process. A standard link looks like this:

https://www.acme.com/reset?token=240be811-bda4-48a1-9658-1aee60951c49&uuid=e09e2bfc-0d2c-45f1-9744-7dcb72d1ea2d

API-generated links

You can also send your own password reset email links to your users by generating the links directly via the Generate link credentials API endpoint.

UI components

The Userfront Toolkit comes with password reset handling built in. End users can request a password reset link, enter and confirm their password, and log in after resetting their password.

Password reset request form enter your email

The initial password reset email request form.

Password reset confirmation dialog

Confirmation that a password reset email link was sent to the user.

Password reset form

User interface for entering and confirming a new password.