BigCommerce Password reset link received through email needs to be used through Headless App for resetting the password via API calls?

For a headless app, how to use the link provided in the email for password reset? To reset the password in the headless app, I am using https://developer.bigcommerce.com/api-reference/store-management/customers-v2/customers/updateacustomer to trigger the password reset email to the user the next time he logs in.

The email link looks like https://mystore?action=change_password&c=60&t=79c1bf34009182c0690b624039eb5634 and seems generated by BigCommerce. Now, how to utilize this link to reset the password through the above-mentioned API? I mean, how can I fetch information from this emailed URL to proceed further? Also, how can I validate if this URL is still valid? Curious to understand the "t=79c1bf34009182c0690b624039eb5634" part of the link.

When I use the Cornerstone theme, all works as expected, so I am looking to implement the same through the Headless approach.

After a little bit of further analysis, a few observations:

  • Seems the Reset template is managed using a Stencil object, i.e. {{account.resetting_link}}, that provides the URL. The Cornerstone theme easily handles this URL, being native to BigCommerce, BUT through the Headless pathway that URL shall not work until the usage is tweaked through the Stencil framework in the NextJS Headless App.
  • Alternatively, maybe the below approach will serve the Headless Password reset:
    • On user login, if login fails for an existing user -> prompt for Password forget/reset the next time the user logs in. Next time when the user logs in, OR for every attempt of user login -> check for existing customer -> check if reset flag is enabled -> create Customer API JWT login URL and update via API the reset password email template with this new link
    • Call the usual login validation to trigger the email to the customer -> now the customer will have direct login through JWT and when the URL is hit, attempt to login and if it works -> present Change password screen -> call API to update with new password
    • DONE

But still I am looking into whether the existing email link can be used to further change the password, i.e. decoding the URL token and getting the right user's identity to just call the password update API. Quite straightforward.

Please suggest if the above findings make sense from a Headless Password Resetting approach.
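
A server-side sketch of the "Customer API JWT login URL" step in the plan above, added here as an example that is not part of the original post or of BigCommerce's own SDKs. It assumes the standard Customer Login API claims (iss = app client ID, operation "customer_login", store_hash, customer_id, redirect_to, iat, jti) signed HS256 with the app's client secret; the credentials, store hash and customer ID below are constructed placeholders, and the e-mailed `t=` token is treated as opaque and is not decoded.

```python
import base64
import hashlib
import hmac
import json
import time
import uuid


def _b64url(data: bytes) -> str:
    """Base64url without padding, as JWT requires."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def build_customer_login_jwt(client_id, client_secret, store_hash, customer_id,
                             redirect_to="/account.php", now=None, jti=None):
    """Mint a Customer Login JWT. Runs only on the server: the client secret
    must never reach the browser of the headless app."""
    header = {"alg": "HS256", "typ": "JWT"}
    payload = {
        "iss": client_id,                        # app client ID (assumed claim)
        "iat": int(now if now is not None else time.time()),  # short-lived
        "jti": jti or str(uuid.uuid4()),         # unique per token, blocks replay
        "operation": "customer_login",
        "store_hash": store_hash,
        "customer_id": int(customer_id),
        "redirect_to": redirect_to,              # where the store sends the user
    }
    compact = {"separators": (",", ":")}
    signing_input = (_b64url(json.dumps(header, **compact).encode()) + "."
                     + _b64url(json.dumps(payload, **compact).encode()))
    sig = hmac.new(client_secret.encode(), signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + _b64url(sig)


def verify_customer_login_jwt(token, client_secret):
    """Check the HS256 signature and return the payload (for local self-checks;
    the store itself validates tokens on login)."""
    head, body, sig = token.split(".")
    expected = hmac.new(client_secret.encode(), f"{head}.{body}".encode(),
                        hashlib.sha256).digest()
    if not hmac.compare_digest(_b64url(expected), sig):
        raise ValueError("bad signature")
    return json.loads(base64.urlsafe_b64decode(body + "=" * (-len(body) % 4)))


def login_url(store_domain, token):
    """Login URL form assumed for the Customer Login API."""
    return f"https://{store_domain}/login/token/{token}"
```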

Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow