A way to seach:users without having to expose them all?

Hi!
On my reset password page, I do a search:users using the Reset Token so that I can pre-fill the email and username fields, which I think is pretty neat.
But as the user is not logged in at this moment, it means I need to expose all my users in my privacy data rules to ‘find in searches’… Which is really not ideal…
Would there be a way to send the Reset Token to a backend workflow that would then send back the user, without having to do this in the frontend?
Thank you!

It seems like a long shot, but you can try is to setup an API call through the API Connectir to your own app to retrieve the data.

You would probably need to create a new data type in which you’ll store the Token and the User to retrieve it after.

I’m not sure it will work or be of use in your use case, but I think it’s worth giving it a shot.

In the order :

  • Schedule your backend workflow from the frontend
  • Find your data and store it somewhere
  • Make your API Call to your app to retrieve the data (by using the corresponding token)

I think it should be doable :slight_smile:

Hey @ThomasC2A thanks for your input.
I can kind of see the first 2 steps you suggest but the 3rd is a bit of a mystery… How would you ‘bring the info back’ to the frontend?

I can kind of see how you could alternatively just do it with a new datatype…

  • Create a new element with just an email in it
  • Expose all those elements
  • Search through those elements (low risk)
  • Delete element when used
    Maybe I’ll try that…

OK thanks @NigelG I’ll try this solution…

I love Nigel’s solution but wanted to throw another solution out there as well. If you just create the token and send a custom password reset email, you can add additional parameters to the link like this. Then simply grab the url parameter to populate your fields.
image

4 Likes

True :+1:
This is actually quite a nice way to do it. Thanks!