I added a forgot-password function to the app, where I send the user an email, and when they click on the reset link they should be redirected to a webpage (outside of the app), update their password, and then come back to the app to log in.
But the reset password link shows this error
What other ways can I set this up on the mobile app?
You can store a randomly generated code somewhere (custom state or display data, and in device storage in future) and send it to the user’s email.
After the user has entered the code and it matches the securely stored one, you can start the process:
1. user entered the new password
2. assign a temp password to the user
3. update the user’s credentials
   3.1 old PW is the result of step 1
   3.2 new PW is the just-entered value
4. log the user in with the new PW
And all of this can be done within the app, without having to redirect the user to a browser.
Security Note: This would expose the user’s account on the device for the moment, allowing a bad actor to get in – would not take this approach if the app is dealing with sensitive info
I send the assign temp password’s code to the user’s email and create a check on the user where they have to update their password whenever that email is entered.
Email is sent from a backend workflow so no view on the frontend of the app
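Added example, not code from any poster in this thread: one way to run the emailed-code check from a backend workflow, so the code is never held in app state or device storage. The class name `ResetCodeStore`, the 10-minute lifetime, the 5-attempt limit and the in-memory dict (standing in for a server-side table) are all assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import time

CODE_TTL_SECONDS = 600  # assumed lifetime of an emailed code
MAX_ATTEMPTS = 5        # assumed number of guesses allowed per code


class ResetCodeStore:
    """Hypothetical server-side store; the dict stands in for a database table."""

    def __init__(self, now=time.time):
        self._now = now      # injectable clock so expiry can be tested
        self._pending = {}   # email -> {salt, digest, expires, attempts}

    @staticmethod
    def _digest(salt, code):
        # Only a salted hash is kept, so a leaked table does not list live codes.
        return hashlib.sha256(salt + code.encode()).digest()

    def issue(self, email):
        code = f"{secrets.randbelow(10**6):06d}"  # CSPRNG, not random.random()
        salt = secrets.token_bytes(16)
        self._pending[email] = {
            "salt": salt,
            "digest": self._digest(salt, code),
            "expires": self._now() + CODE_TTL_SECONDS,
            "attempts": 0,
        }
        return code  # placed in the email body only, never returned to the app

    def verify(self, email, submitted):
        rec = self._pending.get(email)
        if rec is None:
            return False
        if self._now() > rec["expires"] or rec["attempts"] >= MAX_ATTEMPTS:
            del self._pending[email]  # expired or guessed too often: re-issue
            return False
        rec["attempts"] += 1
        expected = rec["digest"]
        actual = self._digest(rec["salt"], submitted)
        if hmac.compare_digest(expected, actual):  # constant-time comparison
            del self._pending[email]  # single use: a replayed code fails
            return True
        return False
```

The password change itself should happen in the same backend workflow, only after `verify` returns `True`.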