I’m currently using api/v2/tickets/password-change in my app to get password reset ticket for a user (and expiry date set as well).
Is there any way to check if the issued ticket is valid/invalid? The reason I have to do that is because some users might request us to resend the password reset url. Because of the business process we have, we don’t want to issue another ticket unless the first generated one is expired or invalidated.
I don’t know of any way to check if the link is valid. I suggest instead just generating a new link for the user. In my tests, generating a new link invalidated the old one. You should test for yourself to confirm my findings.
There is a necessity for us to check the expiry (long story short) but since that seems impossible I will seek other approach e.g. only trust the most recently generated ticket.
Old question but for anyone else coming here looking for an answer to the same question.
It is possible to check the validity of the ticket by making a request to the password reset url. The page will only(In all cases I have test) return status code 200 if the link is valid. For other cases like expired ticket and already used ticket the page will return 400 Bad Request.