I am trying to reset the password of the currently logged-in user
const res = await server.get('/users/me')
const token = res.data.token
console.log({ token })
await server.post('/users/reset-password', {
  token,
  password: newPassword,
})
I am getting an error - token is valid or expired
Also, if the HTTP-only cookie is already set, do I still have to pass the token: '' in the request body?
Hey @dev1800 have you looked at the example here?
https://payloadcms.com/docs/authentication/operations#reset-password
And does this work if you pass:
{
  data: {
    token,
    password: newPassword,
  }
}
I have tried it but it's not working, it's showing an error "the token is invalid or expired"
try wrapping lines 10 & 11 in this object data: {...}, does that work?
async function changePassword(input: ChangePasswordInputType) {
  const res = await server.get("/users/me")
  const token = res.data.token
  console.log({ token })
  return await server.post("/users/reset-password", {
    data: {
      token,
      password: input.newPassword,
    },
  })
}
like this?
yep like that
I am passing the JWT token here, do I have to pass any other token?
maybe the _verificationToken, how can I generate it?
Okay you can revert that change - your initial request looks correct.
So I believe you have to pass the token that is generated when you first hit the /forgot-password route
After a user has "forgotten" their password and a token is generated, that token can be used to send to the reset password operation along with a new password which will allow the user to reset their password securely.
I want to reset the password - forgot and reset are two different APIs. I have my old password but wanted to change it now, how can I do that?
the forgot password route sends the token on email, can I skip this part?
"the Forgot Password operation will generate an email and send it to the respective email address with a link to reset their password." Can I get this token in the '../forgot-password' API's response?
Yes you can disable the forgot password email by passing disableEmail: true and get the token from the API response - I'll dig into this further tonight to give you a clearer answer
Any news on this issue?
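The distinction the thread turns on, as an added example that is not from the thread or from Payload's code: the JWT returned by /users/me identifies a session, while reset-password only accepts the single-use token issued by forgot-password. This in-memory model uses hypothetical function names, an assumed one-hour token lifetime and a constructed account.

```javascript
// Added example: in-memory model of the two-step flow. All names here are
// hypothetical; this is not Payload's source code.
const { randomBytes, createHash, scryptSync } = require('node:crypto');

const RESET_TTL_MS = 60 * 60 * 1000; // assumed one-hour lifetime
const INVALID = 'token is invalid or expired';
const sha256 = (s) => createHash('sha256').update(String(s)).digest('hex');

function hashPassword(password, salt = randomBytes(16).toString('hex')) {
  return { salt, hash: scryptSync(password, salt, 32).toString('hex') };
}

// Constructed sample account.
const users = new Map([
  ['dev@example.test', { password: hashPassword('old-password'), reset: null }],
]);

// Step 1: issue a random, time-limited reset token. Only its hash is stored
// (a choice made for this example).
function forgotPassword(email, now = Date.now()) {
  const user = users.get(email);
  if (!user) return null;
  const token = randomBytes(20).toString('hex');
  user.reset = { hash: sha256(token), expires: now + RESET_TTL_MS };
  return token; // stands in for the value e-mailed or returned by the API
}

// Step 2: accept only a live reset token, then burn it.
function resetPassword({ token, password }, now = Date.now()) {
  const wanted = sha256(token);
  for (const user of users.values()) {
    if (user.reset && user.reset.hash === wanted && now < user.reset.expires) {
      user.password = hashPassword(password);
      user.reset = null; // single use
      return { ok: true };
    }
  }
  return { ok: false, error: INVALID };
}

function checkPassword(email, password) {
  const { salt, hash } = users.get(email).password;
  return hashPassword(password, salt).hash === hash;
}
```

A session JWT never matches a stored reset token, so it is rejected with the same error as an expired or already-used token.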