Just recently found out that we can’t pass the reset password token to the frontend e.g. set it as a state, add it in a text, etc.
We can only use it via the send email function.
For context, what we’re doing is manual creation of accounts through an admin dashboard. We do send the password reset through email but for added convenience, we wanted to simply return the token, structure the URL, and return the value to the frontend where we could simply copy it and send the link to our users — allowing them to not check their emails anymore.
We tried setting the token to a state but it didn’t work, our subsequent workflows, specifically a “trigger custom event x when data changes” just stopped working. The data in the DB changed but the action won’t trigger at all.
Here’s a detailed response from uncle @keith as to why this happens.
As per Keith, the only allowable option seems to be to email the token to a different account.
We could do this but it’ll be a hassle to keep opening our emails just to copy the token.
Honestly, the answer is pretty much there (Not Possible) but I’m just shooting my shot in case there has been a miracle
I was thinking, since it’s not allowed to pass the token in the frontend, what if I just create an API call to my own app where I would pass the token value in a parameter and have the data return to the frontend?
Would Bubble read this as a different string completely unrelated to the password reset token?
Would greatly appreciate any suggestions and insights!
Technically the API route would work but we decided not to do it since the frequency of that event happening is not that high so it wasn’t feasible for us
I don’t have the exact same use case as you, @ntabs, but the solution I’m about to try may work for you as well. I’m going to send the pw reset email to an un-manned inbox, use Zapier to parse the email, pull token from the body so I can use it however I want from that point.
Possibly the same outcome as the API call, with much less effort.
I disagree here. Setting up your own internal API connection would be much easier than setting up zapier, parsing the email, etc. Not to mention the extra costs of zaps as what @code-escapee mentioned
I don’t understand why internal API connection keeps coming up. Given the use case I struggle to understand how anything else is being considered or what this means “Tokens would expire in 24 hours. Storing it in the DB would not make sense” @ntabs, what am I missing?
