Password Reset Functionality: Part 2

I’ve tested in the browser. I receive my pwd reset link by email, for ex:
http://mydomain/~mangosteen/changepwd.php?email=fredkzk@email.com&id=$argon2id$v=19$m=65536,t=4,p=1$YVpHTGtwbVV4SUhRMG9SUQ$DrbetAoLHZUEY207AVHdHz0k6OBZOJLvD6iC0Awz0Fk
I get error 400 when I validate a new password on that changepwd page.

Steps I’m referring to: in the reset request API
And in the password update API steps, wherever the error may come from. Any tips on how to debug the error?

You cannot compare argon2id hashes like that … they are never the same! It does not work like sha hashing methods.


Thanks for clarifying, I’ll resort to sha method for the reset.
Can I, however, keep argon for register/login/DB updates, or might there be a conflict?

I tested it and it works: I can have new users' pwd hashed with argon and do the pwd reset URL params with sha at the same time :+1:
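The split the thread ends on, as an added PHP example that is not code from any of the posters: Argon2id for stored passwords (checked with `password_verify()`, never by comparing hash strings) and SHA-256 for the reset-link value (checked with `hash_equals()`). It assumes the link carries a random token and the server stores only its SHA-256; the function names, array keys and one-hour expiry are hypothetical.

```php
<?php
// Added example. issueResetToken(), checkResetToken() and the array keys are
// hypothetical names; all sample strings are constructed.

// 1. Argon2id generates a fresh random salt on every call, so hashing the same
//    input twice gives two different strings. Comparing them with === always fails.
$a = password_hash('constructed-sample', PASSWORD_ARGON2ID);
$b = password_hash('constructed-sample', PASSWORD_ARGON2ID);
var_dump($a === $b);

// The correct check re-derives the hash using the salt and parameters stored in $a.
var_dump(password_verify('constructed-sample', $a));

// 2. Reset link: a random token goes into the email, its SHA-256 goes into the DB.
//    SHA-256 is deterministic, so the stored value can be recomputed and compared.
function issueResetToken(): array
{
    $token = bin2hex(random_bytes(32));            // value placed in the emailed URL
    return [
        'token'      => $token,
        'token_hash' => hash('sha256', $token),    // value stored server-side (assumed column)
        'expires_at' => time() + 3600,             // assumed one-hour lifetime
    ];
}

function checkResetToken(string $tokenFromUrl, string $storedHash, int $expiresAt): bool
{
    if (time() > $expiresAt) {
        return false;                              // expired links are rejected
    }
    // hash_equals() compares in constant time, unlike == or ===.
    return hash_equals($storedHash, hash('sha256', $tokenFromUrl));
}

$reset = issueResetToken();
var_dump(checkResetToken($reset['token'], $reset['token_hash'], $reset['expires_at']));
var_dump(checkResetToken('tampered-value', $reset['token_hash'], $reset['expires_at']));

// 3. Once the token checks out, the new password is still stored with Argon2id,
//    so login keeps using password_verify() as before.
$newPasswordHash = password_hash('new-constructed-password', PASSWORD_ARGON2ID);
var_dump(password_verify('new-constructed-password', $newPasswordHash));
```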