Docs : SDK : forgotPassword
forgotPassword lets you send a temporary password to the user's email address. This API will return a promise that gets resolved once the email with the temporary password has been sent. The user can then provide the temporary password to signIn and updateUser to change their password.
userbase.forgotPassword({
username: 'example-username'
}).then(() => {
// email with temporary password sent
}).catch((e) => console.error(e))
Parameters
-
username [string | Len: 1-100] - The username for the account to send a temporary password to.
-
deleteEndToEndEncryptedData [boolean | optional] - When the user changes their password using the temporary password, this indicates whether or not the server should delete the user's end-to-end encrypted data. Defaults to false. Note that this parameter can be ignored when your application is set to the server-side encryption mode.
Notes
-
When your app is set to the end-to-end encryption mode and a user forgets their password, regaining access to their end-to-end encrypted data is possible, but only when the user has provided an email address during signUp or updateUser, and when the user has previously signed in with the rememberMe option set to 'local'. In this case, the user will have the encryption key saved in the browser's local storage, and the user will be able to regain full access to their data by getting a temporary password via email. The user must still have access to a previously used device in order to be able to reset the password in this way. Therefore, if you want to allow your users to reset their password, make sure to set rememberMe to 'local' during signUp and signIn, and make sure you require an email address during signUp and updateUser. We still recommend that when you use the 'end-to-end' encryption mode, you inform your users that since their data is end-to-end encrypted, they should take care to store their password in a safe place, such as a password manager. Recovery will not be possible if the user loses access to all previously used devices.
-
When your app is set to the end-to-end encryption mode and a user forgets their password and loses access to all previously used devices, the user can still regain access to their account and delete all inaccessible end-to-end encrypted data by setting deleteEndToEndEncryptedData to true.
Errors
- ParamsMustBeObject
- ParamsMissing
- UsernameCannotBeBlank
- UsernameMustBeString
- DeleteEndToEndEncryptedDataMustBeBoolean
- AppIdNotSet
- AppIdNotValid
- UserNotFound
- UserEmailNotFound
- KeyNotFound
- ServiceUnavailable
