OTP password reset
is there a method to verify the password reset OTP sent to user?
according to the current better auth password-reset flow with OTP we need to send OTP + new password + email and it should work, but our flow requires the OTP verification before showing the password inputs for the user.
i've found a method called getVerificationOTP but that also re-sends a new OTP for the user and returns
which defeats the purpose of getting verification otp to verify the user's otp they're trying to use.
Thanks in advance.
6 Replies
Doesn't it mean you want to use One-Time-Password token twice?
1. Verify to show
2. Verify on send
Maybe you should create another OTP (with a way to validate the second one) for 1), and leave better-auth's implementation for 2)
I would solve it embedding OTP for password reset in JWT and verifying JWT before showing the options
not sure i understand what you mean. But the way the client wants his reset password is as follows:
the user requests a password reset OTP
they get shown an OTP input, they input the OTP, it gets verified, then they can add their new password and submit it.
i've implemented a custom solution which is:
before sending the OTP email, i save the OTP in redis in order to get/verify it actually is a valid password-reset OTP. once the password resets we delete it,
Solution
I believe the OTP is already saved in verification table of your db
https://github.com/better-auth/better-auth/pull/1149
It seems there was a solution for your problem, but it's in the fridge
GitHub
feat(email-otp): improve password reset flow by jasongerbes · Pull...
Closes #1148
This PR improves the Email OTP password reset flow by adding an optional checkVerificationOtp() method.
It also includes various doc improvements to make the Email OTP flows easier to ...
idk why haven't i looked in the tables 🙂 I'll blame it on today being friday 🥲
Thank you lighttab ❤️
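The two-step flow discussed in this thread (check the OTP before showing the password inputs, then verify it again on submit), as an added example that is not code from the posts above or from better-auth. The function names, the limits and the in-memory Map standing in for Redis or the verification table are all assumptions; the point is that the pre-check leaves the OTP in place but counts wrong guesses against the same budget as the reset step.

```javascript
// Added example: hypothetical helpers, not better-auth's API.
const { createHmac, randomInt, timingSafeEqual } = require("node:crypto");

const OTP_TTL_MS = 5 * 60 * 1000; // assumed OTP lifetime
const MAX_ATTEMPTS = 3; // assumed limit, shared by the check and reset steps
const SERVER_SECRET = "constructed-demo-secret"; // constructed; load from config
const store = new Map(); // stand-in for Redis: email -> { digest, expiresAt, attempts }

// Store a keyed digest so a leaked store does not reveal usable OTPs.
const digestOf = (email, otp) =>
  createHmac("sha256", SERVER_SECRET).update(`${email}:${otp}`).digest();

function issueOtp(email, now = Date.now()) {
  const otp = String(randomInt(0, 1_000_000)).padStart(6, "0");
  store.set(email, { digest: digestOf(email, otp), expiresAt: now + OTP_TTL_MS, attempts: 0 });
  return otp; // goes into the email only, never into the HTTP response
}

// Shared by both steps: a wrong guess costs an attempt whichever step made it.
function matches(email, otp, now) {
  const rec = store.get(email);
  if (!rec) return false;
  if (now > rec.expiresAt || rec.attempts >= MAX_ATTEMPTS) {
    store.delete(email); // expired or locked out: a new OTP must be requested
    return false;
  }
  // Both buffers are 32-byte SHA-256 digests, so the comparison is constant-time.
  const ok = timingSafeEqual(rec.digest, digestOf(email, String(otp)));
  if (!ok) rec.attempts += 1;
  return ok;
}

// Step 1: gate the password form. Does not consume the OTP.
function checkOtp(email, otp, now = Date.now()) {
  return matches(email, otp, now);
}

// Step 2: verify again on submit, then delete so the OTP cannot be replayed.
function resetPassword(email, otp, newPassword, setPassword, now = Date.now()) {
  if (!matches(email, otp, now)) return false;
  store.delete(email);
  setPassword(email, newPassword); // caller-supplied persistence (hypothetical)
  return true;
}
```

The reset step repeats the verification because the result of step 1 lives only in the client; the server should not trust that the form was reached legitimately.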