'Generating unique linq to restore password
I use JWT with java spring security to secure routes in the app.
I need to create forget password functionality to restore the password if the user forgot his password.
The process is quite standard user is to put his email and get to his email account a unique link to enter a new password.
The unique link should be:
www.somewebsite.com/auth/reset?UUID="VeryLongString"
My question is it a good practice to generate a JWT token(with expiry) on the backend and set it as a token to reset the password:
www.somewebsite.com/auth/reset?token="VeryLongJWTString" .
When I will get the request to restore the password on the web service I can check if the JWT token is valid and according to it make a password update.
Also, I didn't find much information regarding the usage of JWT tokens to reset the password so this is why I decided to ask this question.
Solution 1:[1]
I think there is no relation between the reset of password and JWT.
If the user can't authenticate, we cannot any more talk about JWT, you need to handle this functionality outside of OAUTH2 or OIDC
Sources
This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.
Source: Stack Overflow
| Solution | Source |
|---|---|
| Solution 1 | GAOUL |