About Password Resets
Password reset allows your end users to regain access to their accounts by creating a new password if they have forgotten or lost their current one. Password reset is included by default for user accounts that use a password to log in.
When a user or admin requests a password reset, Userfront sends an email or webhook with a single-use link that a user can click on to reset their password.
See also: Passwords
Password Reset Requirements
Userfront’s password reset links can only be used once each.
By default, password reset links expire after 1 hour, but can be made to expire between 10 seconds and 1 month.
Attribute
Setting
Password Reset Handling
Email links
By default, Userfront emails a password reset link directly to the user requesting the link. No configuration is required to have Userfront send email links on your behalf.
Each password reset link contains an identifier and a token, both of which are submitted during the password reset process. A standard link looks like this:
https://www.acme.com/reset?token=240be811-bda4-48a1-9658-1aee60951c49&uuid=e09e2bfc-0d2c-45f1-9744-7dcb72d1ea2d
API-generated links
You can also send your own password reset email links to your users by generating the links directly via the Generate link credentials API endpoint.
UI components
The Userfront Toolkit comes with password reset handling built in. End users can request a password reset link, enter and confirm their password, and log in after resetting their password.
The initial password reset email request form.
Confirmation that a password reset email link was sent to the user.
User interface for entering and confirming a new password.