Reset password

The password recovery feature is enabled automatically once you have a valid Email connector or SMS connector configured. Users can reset their password by providing their registered email address or phone number.

Password reset flow

Once the reset password feature is enabled, a "Forgot password" link is displayed under the sign-in form. Users can click the "Forgot password" link to initiate the password reset process.

note:

Not seeing the "Forgot password" link? Make sure you have a valid Email or SMS connector configured.

  1. Visit sign-in page: The user visits the sign-in page.
  2. Click on Forgot password link: The user clicks the "Forgot password" link.
  3. Enter email/phone: After clicking the "Forgot password" link, the user is redirected to a new page where they can enter their registered email address or phone number.
  4. Send verification code: Logto sends a verification code to the user-provided email address or phone number and redirects to the code verification page.
  5. Enter verification code: The user enters the verification code received by email or phone. Logto verifies the code and the identity of the user associated with the email address or phone number.
  6. Enter new password: The user is prompted to enter a new password once the verification code is successfully verified.
  7. Successful password reset: If the provided password meets the password policy requirements, the password is updated successfully.
  8. Redirect to sign-in page: The user is redirected to the sign-in page to sign in with the new password.

Update password for authenticated users

Authenticated users can update their password by visiting the account settings page. Check the account settings to learn more about implementing a user account settings page.

FAQs

How to sign out a user after a successful password reset?

Subscribe to the PostResetPassword webhook event to receive a notification when a user successfully resets their password. You can then trigger a sign-out action to invalidate the user's current session and redirect them to the sign-in page.
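One way to handle that webhook so that only genuine events can sign users out, shown as an added example that is not Logto's own code. It assumes the request carries a hex HMAC-SHA256 signature of the raw body computed with the webhook's signing key, that the payload has `event` and `userId` fields, and that your application keeps its own session store (the in-memory `sessions` map here is hypothetical).

```javascript
const crypto = require('node:crypto');

// Constant-time check of the hex HMAC-SHA256 signature over the raw request body.
function verifySignature(signingKey, rawBody, signatureHex) {
  const expected = crypto.createHmac('sha256', signingKey).update(rawBody).digest();
  const given = Buffer.from(String(signatureHex || ''), 'hex');
  return given.length === expected.length && crypto.timingSafeEqual(given, expected);
}

// Hypothetical application session store: session id -> user id.
const sessions = new Map();
function revokeSessions(userId) {
  let revoked = 0;
  for (const [sid, uid] of sessions) {
    if (uid === userId) { sessions.delete(sid); revoked += 1; }
  }
  return revoked;
}

// Returns the HTTP status the webhook endpoint should answer with.
function handleWebhook(signingKey, rawBody, signatureHex) {
  // Verify before parsing: without this check, anyone who can reach the
  // endpoint could sign arbitrary users out by posting a forged event.
  if (!verifySignature(signingKey, rawBody, signatureHex)) return 401;
  let payload;
  try { payload = JSON.parse(rawBody.toString('utf8')); } catch { return 400; }
  if (payload === null || typeof payload !== 'object') return 400;
  if (payload.event !== 'PostResetPassword') return 204; // not the event we act on
  // Assumption: the user's id is delivered in a top-level `userId` field.
  if (typeof payload.userId !== 'string' || payload.userId === '') return 400;
  revokeSessions(payload.userId);
  return 200;
}

// Constructed sample data (not real Logto output).
const SIGNING_KEY = 'example-signing-key';
function sign(body) {
  return crypto.createHmac('sha256', SIGNING_KEY).update(body).digest('hex');
}
function demo() {
  sessions.clear();
  sessions.set('s1', 'user_a'); sessions.set('s2', 'user_a'); sessions.set('s3', 'user_b');
  const body = Buffer.from(JSON.stringify({ event: 'PostResetPassword', userId: 'user_a' }));
  const forged = handleWebhook(SIGNING_KEY, body, 'ab'.repeat(32)); // wrong signature
  const afterForged = sessions.size;
  const genuine = handleWebhook(SIGNING_KEY, body, sign(body));
  return { forged, afterForged, genuine, remaining: [...sessions.keys()] };
}
console.log(demo());
```

Compute the HMAC over the raw bytes as received, before any JSON body parser rewrites them; a re-serialized body will not match the signature.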

How to implement the password reset flow on my custom UI?

You can implement your own password reset flow using Logto's Management API and Account API. Check out account settings for more details.

You can create a self-hosted password reset endpoint and utilize the Logto SDK to initiate a sign-in request with first_screen set to reset-password. This will seamlessly redirect the user to the password reset page.
