I have set up my reset password workflow based on these steps:
I got all the way to the last step and my WeWeb workflow returns a valid auth code, but the current user is never actually authenticated (i.e. isAuthenticated is false). Therefore I am not able to execute the password change function.
How do I get the auth token that is returned to actually authorize the user?
You need to log the user in with the new password after you update the password.
I think you are misunderstanding. In order to change the password, I need the auth to authenticate the user first. I am getting the auth token returned to WeWeb, but it is not logging the user in.
Not for a password reset.
I’d request a pw reset from your app
Send the email to the server
Have the server create a token
Save it to the user somewhere
Email it to the user as a url parameter for a reset pw link that goes to a page in your app
When they click the link they land on a page and enter a new password
This shoots a call back to WeWeb to an unauthorized endpoint that accepts a token and password.
The call searches for a user with that token and applies the new password and shoots back a success message.
On success, log the user in with the new password
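The server side of the token flow listed in the reply above, as an added example that is not code from the thread, from Xano or from WeWeb. The in-memory `USERS` dict stands in for the user table, and the function names, the 15-minute lifetime, storing only a hash of the token, single use, and PBKDF2 for the password are all assumptions the thread does not state.

```python
import hashlib, hmac, secrets, time

TOKEN_TTL = 15 * 60      # seconds; assumed lifetime, not from the thread
ITERATIONS = 600_000     # assumed PBKDF2-SHA256 work factor
# Constructed in-memory stand-in for the user table.
USERS = {"ana@example.com": {"pw": None, "reset_hash": None, "reset_exp": 0}}

def _digest(token):
    return hashlib.sha256(token.encode()).hexdigest()

def _kdf(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)

def check_password(email, password):
    stored = USERS[email]["pw"]          # 16-byte salt followed by derived key
    if stored is None:
        return False
    return hmac.compare_digest(_kdf(password, stored[:16]), stored[16:])

def request_reset(email, now=None):
    """'Create a token' and 'save it to the user'. Returns the raw token to email."""
    user = USERS.get(email)
    if user is None:
        return None  # the endpoint should answer the same either way
    token = secrets.token_urlsafe(32)     # 256 bits from the OS CSPRNG
    user["reset_hash"] = _digest(token)   # only the hash is stored
    user["reset_exp"] = (time.time() if now is None else now) + TOKEN_TTL
    return token

def reset_password(token, new_password, now=None):
    """Public endpoint: find the user by token, apply the new password."""
    now = time.time() if now is None else now
    digest = _digest(token)
    for user in USERS.values():           # a real table would index reset_hash
        stored = user["reset_hash"]
        if stored and hmac.compare_digest(stored, digest):
            user["reset_hash"] = None     # single use, even when expired
            if now > user["reset_exp"]:
                return False
            salt = secrets.token_bytes(16)
            user["pw"] = salt + _kdf(new_password, salt)
            return True
    return False
```

Because the endpoint is unauthenticated, the token is the only credential in play, which is why it is long, random, short-lived and invalidated on first use.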
Exactly what @jaredgibb said!
Indeed, you’ll need a “magic login” endpoint in Xano to provide a one-off token that’ll be used in an email, and a page in WeWeb that will authenticate the user with this token. Then, once the user is authenticated, send the new password from WeWeb to Xano.