How to implement forgot password functionality with JWT authentication

If you have dealt with JWT authentication then you probably already know that just getting a very basic set up of authentication into your application is a hard enough task.

And if you have ever wanted to make an application for a business then you may have run into the problem of the forget password functionality. From our experience this isn’t something that most people learn when first encountering authentication.

But our great developer Samuel Gemberling, took it upon himself to not only make JWT authentication using hooks, but also figured out the functionality to get the forgot password working on our JWT authentication template.

And here’s how he did it:

1. Go into your User model and make another field that has a title of forgotPassword or resetLink. This is where the random password token will be held when the user generates a token by clicking Forgot Password.

2. JWT tokens have an expiration option on them so you know that after a certain amount of time the token will expire and clear out the forgot password token.

Here is the line of code for setting an expiration on the token and the entire forgot password function

3. You need to make a forgot password page so that the user can enter in their email address to send the reset link to.

4. Once the user get the reset link and is able to update their password you need to write out the functionality to update the new password and save the user.

Using JWT.verify method to verify that it a valid token and hasn’t expired helps to protect the user and keep they accounts more secure.

Samuel also used Node Mailer to get the reset link to send and the article on how he was able to get that to work is right HERE.

You can find his entire authentication template here and feel free to use this in any of your own projects.

Please check out Cinque Web Development for projects that we are working on and things that we have in the works.