I'm using Umbraco 12 and I wanted to provide a "forgot password" mechanism to frontend members.
I'm currently asking for the e-mail to get the MemberIdentityUser member and then using the MemberManager.GeneratePasswordResetTokenAsync(member) to get the token. I then encode it and send the e-mail with the encoded token.
After clicking the link in the e-mail, a controller is called with the encoded token and the user. A token validation is performed using MemberManager.VerifyUserTokenAsync(member, _options.Tokens.PasswordResetTokenProvider, UserManager<MemberIdentityUser>.ResetPasswordTokenPurpose, token)
I've also tried MemberManager.VerifyUserTokenAsync(member, "Default", "ResetPassword", token)
Both return false. I've debugged it and can confirm the token sent (before encoding) matches the received token.
little update: I've tried using UserManager<MemberIdentityUser> instead of MemberManager to generate and verify token but still it will always return false.
I've also tried every possible combination of provider and purpose.
My mistake, I was creating a new() UmbracoIdentityMember (not persisted) user with the member.Id instead of fetching one which led to different token signature.
Verifying member password reset token
Hey there folks,
I'm using Umbraco 12 and I wanted to provide a "forgot password" mechanism to frontend members.
I'm currently asking for the e-mail to get the
MemberIdentityUser memberand then using theMemberManager.GeneratePasswordResetTokenAsync(member)to get thetoken. I then encode it and send the e-mail with the encoded token.After clicking the link in the e-mail, a controller is called with the encoded token and the user. A token validation is performed using
MemberManager.VerifyUserTokenAsync(member, _options.Tokens.PasswordResetTokenProvider, UserManager<MemberIdentityUser>.ResetPasswordTokenPurpose, token)I've also tried
MemberManager.VerifyUserTokenAsync(member, "Default", "ResetPassword", token)Both return false. I've debugged it and can confirm the token sent (before encoding) matches the received token.
What am I missing here?
Thanks
little update: I've tried using
UserManager<MemberIdentityUser>instead ofMemberManagerto generate and verify token but still it will always return false.I've also tried every possible combination of
providerandpurpose.Is there any other way to verify the token? -_-
My mistake, I was creating a new() UmbracoIdentityMember (not persisted) user with the member.Id instead of fetching one which led to different token signature.
is working on a reply...
This forum is in read-only mode while we transition to the new forum.
You can continue this topic on the new forum by tapping the "Continue discussion" link below.