There is an API endpoint for getting a custom password reset page URL. It’s the same sort of link you get in a password reset email.
I have in mind to make a password reset page. Using classic login, I can customize the password reset page to be dual-mode: reset mode for the email, and change mode for an iframe embedded in a user preferences popup modal.
I did all this, even using the window postMessage API to tell the parent page when the password change is complete. However, I’m getting error 403:
- Request Method: POST
- Status Code: 403
- code: “invalid_csrf_token”
- message: “Invalid CSRF token”
- name: “CsrfInvalidTokenError”
- statusCode: 403
(It’s ok, the token is stale)
- _csrf: Zt9vuD6C-jzeN94KpaEr8Fpx8r8kwyvuwfYs
- ticket: OVXYfqu9obitx94wnEQJTcqrWQnoYDIb
It’s providing a token, but failing the request.