Forget Password Using JWT Tokens #9

ryumada · 2022-05-24T04:02:30Z

ryumada
May 24, 2022
Maintainer

The user's reset password is use the oldPassword as the signature. When the user has changed their account password it will always say the token is invalid because the signature is the user oldPassword.

Also, the token expiry comes in handy. We should set the token expiry to no more than 5 minutes.

For the token generation, we should limit it by 5 times in a row, after that the user should wait for 24 Hours.

resources:

Wilt, “Answer to ‘RESTful password reset,’” Stack Overflow, Oct. 28, 2015. https://stackoverflow.com/a/33389526/11332583 (accessed May 24, 2022).
“Single-Use Tokens w/ JWT,” Jan Brennenstuhl, Dec. 30, 2016. https://www.jbspeakr.cc/howto-single-use-jwt/ (accessed May 24, 2022).

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Forget Password Using JWT Tokens #9

{{title}}

Replies: 0 comments

Select a reply

Forget Password Using JWT Tokens #9

ryumada May 24, 2022 Maintainer

Replies: 0 comments

ryumada
May 24, 2022
Maintainer