const res = await server.get('/users/me')
  const token = res.data.token
  console.log({ token })
  await server.post('/users/reset-password', {
    token,
    password: newPassword,
  })

I am getting an error - token is valid or expired

Also if the http only cookie is already set do i still have to pass the token: '' in request body ?

jessrynkar2 years ago
Hey
@796632640202735616
have you looked at the example here?
https://payloadcms.com/docs/authentication/operations#reset-password

And does this work if you pass:
```
  {
    data: {
      { 
        token,
        password: newPassword,
      }
    }
  }
```
dev18002 years ago
I have tried it but its not working, its showing an error "the token is invalid or expired"
jessrynkar2 years ago
try wrapping lines 10 & 11 in this object
data: {...}
, does that work?

dev18002 years ago

async function changePassword(input: ChangePasswordInputType) {
  const res = await server.get("/users/me")
  const token = res.data.token
  console.log({ token })
  return await server.post("/users/reset-password", {
    data: {
      token,
      password: input.newPassword,
    },
  })
}

like this ?

jessrynkar2 years ago
yep like that
dev18002 years ago

I am passing the JWT token here, do i have to pass any other token ?

maybe the _verificationToken, how can i generate it ?
jessrynkar2 years ago
Okay you can revert that change - your initial request looks correct.

So I believe you have to pass the token that is generated when you first hit the
/forgot-password
route

After a user has "forgotten" their password and a token is generated, that token can be used to send to the reset password operation along with a new password which will allow the user to reset their password securely.
dev18002 years ago
i wan't to reset the password - forgot and reset are two different APIs, i have my old password but wanted to change it now, how can i do that?

the forgot password route send the token on email, can i skip this part ?

"the Forgot Password operation will generate an email and send it to the respective email address with a link to reset their password." can i get this token in '../forgot-password' API's response ?
jessrynkar2 years ago
Yes you can disable the forgot password email by passing
disableEmail: true
and get the token from the API response - I'll dig into this further tonight to give you a clearer answer
igormfelast year
Any news on this issue?

Open

Continue the discussion in Discord

Star on GitHub

Star

Chat on Discord

Discord

online

Can't find what you're looking for?

Get dedicated engineering support directly from the Payload team.