Password Reset

This module provides complete functionality for the password reset process using JWT and single-use tokens.

Overview

The password reset flow follows these steps:

1. User requests password reset via email.

2. System sends email with a single-user confirmation link.

3. User clicks link and receives temporary access cookie. The user is redirected to the reset password form.

4. The new password is submitted with access cookie. The user sessions are revoked by default.

5. System updates password and revokes access token.

Configuration

The behaviour of the password reset can be configured thanks to the following settings.py parameters:

• PASSWORD_RESET_REDIRECT - the relative url with the form to set the new password on password reset. If not configured, the user will be redirected to the default password reset form at /jwt-allauth/password/reset/default/.

• PASSWORD_RESET_COOKIE_HTTP_ONLY - whether to set a http-only cookie (default: True).

• PASSWORD_RESET_COOKIE_SECURE - whether to set a secure cookie (default: not DEBUG).

• PASSWORD_RESET_COOKIE_SAME_SITE - same-site cookie policy (default: 'Lax').

• PASSWORD_RESET_COOKIE_MAX_AGE - maximum age of the cookie in seconds (default: 3600).

• LOGOUT_ON_PASSWORD_CHANGE - whether to revoke the existing sessions of the user (default: True).