Supabase•13mo ago•
4 replies
jace10

Handling Password Reset

Hello,

I am trying to figure out if something changed here, as I'm pretty sure this used to work. On my project, I allow users of my application to ask for a password reset if they provide a valid email. This password reset calls this code:

supabase.auth.resetPasswordForEmail(email = email,
                                    redirectUrl = "REDACTED_URL/resetPassword?")


My reset password email config looks like:

<h2>Reset Password</h2>

<p>Follow this link to reset your password:</p>
<p><a href="{{ .SiteURL }}/resetPassword?confirmation_url={{ .ConfirmationURL }}">Reset Password</a></p>


This correctly results in the user being sent an email with the link to reset password taking them to my webpage. On that webpage, I have a button, and if they click the button, it navigates to the confirmation url, which looks like this:

https://redacted.supabase.co/auth/v1/verify?token=redacted&type=recovery&redirect_to=http://redacted.com/resetPassword?


If I click on the button (or navigate to it directly), it seems to correctly redirect to my provided redirect, with the following in the url:

https://www.redacted.com/resetPassword#access_token=TOKEN&expires_at=1736997049&expires_in=3600&refresh_token=REFRESH&token_type=bearer&type=recovery


Two things that puzzle me.

1) When I check for a session with
const {data, error} = await supabase.auth.getSession()


Session is still null, with no error. I thought when I first implemented this that the session was populated; is that not what visiting the provided confirmation URL is meant to do?

2) I am not sure why the ? I include in my URL is getting wiped out, which then makes it harder to try and access the access token to authenticate the user manually after the fact.

Any insight appreciated, or please let me know if I am misunderstanding how this flow is supposed to work.

Thanks!
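
Added example, not part of the original post: a parser for the recovery redirect shown above. It reads the tokens from the URL fragment, checks `type` and `expires_at`, and builds a fragment-free URL for scrubbing the address bar. The function names and the sample URL (constructed from the post's redacted form) are assumptions for illustration.

```javascript
// Constructed sample, built from the redacted redirect quoted in the post.
const SAMPLE_REDIRECT =
  "https://www.redacted.com/resetPassword#access_token=TOKEN&expires_at=1736997049" +
  "&expires_in=3600&refresh_token=REFRESH&token_type=bearer&type=recovery";

// Hypothetical helper: returns { accessToken, refreshToken, expiresAt }
// or throws if the link is not a usable recovery redirect.
function parseRecoveryFragment(href, nowSeconds = Math.floor(Date.now() / 1000)) {
  const url = new URL(href);
  // The tokens follow '#', so they live in url.hash, never in url.searchParams,
  // and the browser does not send them to the server hosting the page.
  const params = new URLSearchParams(url.hash.replace(/^#/, ""));
  if (params.get("type") !== "recovery") {
    throw new Error("not a recovery redirect");
  }
  const accessToken = params.get("access_token");
  const refreshToken = params.get("refresh_token");
  if (!accessToken || !refreshToken) {
    throw new Error("recovery redirect is missing tokens");
  }
  // A missing expires_at becomes 0 and is rejected as expired.
  const expiresAt = Number(params.get("expires_at"));
  if (!Number.isInteger(expiresAt) || expiresAt <= nowSeconds) {
    throw new Error("recovery token expired or expires_at invalid");
  }
  return { accessToken, refreshToken, expiresAt };
}

// Hypothetical helper: the same URL without its fragment, suitable for
// history.replaceState so the tokens do not linger in the address bar,
// browser history or copied links.
function stripFragment(href) {
  const url = new URL(href);
  url.hash = "";
  return url.toString();
}
```

In a browser, pass `window.location.href` to `parseRecoveryFragment`, then call `history.replaceState(null, "", stripFragment(window.location.href))` once the tokens have been read. The returned pair matches what supabase-js `auth.setSession({ access_token, refresh_token })` takes.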