Forgot password flow

The forgot password flow was mainly developed for native apps, to have a step right into the forgot password flow, without first showing the login page. It also fixes the issue where forgot password could not be made when an user was logged in.

URL Path: /flow/password

How it works

The flow consists of 3 or 4 steps. Before those steps there are however an invisible one where the current logged in user, if any, is logged out. The flow follow these steps

  • User, if any logged in, is logged out
  • Step 1: The enter email view, where user requests a new password email
  • Step 2: The email, which contains a link to be clicked
  • Step 3: The reset password view, where a new password can be set
  • Step 4: The confirmation view, where user gets a confirmation of the password change (optional, default disabled)
  • User is redirected back to client / app, not logged in and without authorization code

The last step of that flow is however optional, and not shown by default. To trigger step 4, you need to initiate the flow with the query parameter confirmation=true.

Flow is initiated by path /flow/password and require query parameters client_id, redirect_uri. Optional query parameters include, among others, confirmation, cancel_redirect_uri.

How it looks

Client teaser and Custom CSS is applied to all of the steps. See Flows for more info.

Flows

Help us improve

Did you spot an error? Or maybe you just have a suggestion for how we can improve? Leave a comment, or better yet, send us a pull request on GitHub to fix it (in-browser editing, only takes a moment).

History of this page

Comments/feedback

Do you have questions, or just want to contribute some newly gained insight? Want to share an example? Please leave a comment. SPiD reads and responds to every question. Additionally, your experience can help others using SPiD, and it can help us continuously improve our documentation.