Skip to main content

Reset Password

Learn how to implement password reset functionality for your users in Authsec-powered applications.

Overview

Password reset functionality allows users to securely regain access to their accounts when they forget their passwords. Authsec provides robust password reset capabilities with security best practices built-in.

Implementation

Initiate Password Reset

import { AuthsecClient } from '@authsec/sdk';

const authsec = new AuthsecClient({
  domain: 'your-domain.authsec.com',
  clientId: 'your-client-id'
});

// Request password reset
async function requestPasswordReset(email) {
  try {
    await authsec.requestPasswordReset({
      email: email,
      connection: 'Username-Password-Authentication' // Database connection name
    });
    
    console.log('Password reset email sent successfully');
    return { success: true };
  } catch (error) {
    console.error('Password reset request failed:', error);
    return { success: false, error: error.message };
  }
}

Handle Reset Token

// Verify and use password reset token
async function resetPassword(token, newPassword) {
  try {
    await authsec.resetPassword({
      token: token,
      password: newPassword
    });
    
    console.log('Password reset successful');
    return { success: true };
  } catch (error) {
    console.error('Password reset failed:', error);
    return { success: false, error: error.message };
  }
}

Best Practices

Security Measures

  • Use strong password policies
  • Implement rate limiting for reset requests
  • Set appropriate token expiration times
  • Log all password reset activities

User Experience

  • Provide clear instructions in reset emails
  • Show progress indicators during the process
  • Offer alternative recovery methods
  • Redirect users to login after successful reset