aqueduct
aqueduct copied to clipboard
stablekernel
Password Reset
Implementing a password reset feature should be quick and easy. We should have at the very least a tutorial or blogpost at the most a turnkey feature in aqueduct or separate package.
Tracking here as a feature request pending further discussion.
I don't think it's that easy end-to-end. Generating a code, storing it in a database, providing an endpoint to send the new password and code - sure, those aren't bad. But sending an e-mail that is well accepted by common consumer (e.g., gmail) or enterprise e-mail servers often requires a third-party service. Some ability to hook in a provider (including your own) to the rest of the solution might be useful, but I'm also worried that it will increase our 'support' surface for a feature that if people don't understand, they honestly shouldn't be implementing.
@joeconwaystk email might not be the best for a turnkey version but if the framework already supports end-user communication via something like push notifications we might be able to have at least one flow that works out of the box. Then it would be easy to swap out the last deliver piece with your email service, SMS, etc no problem.
The problem is there isn't a flow that works out of the box - SMS, push notifications and e-mail all fall into the same bucket with respect to needing a reliable service. There are lots of these services that are easy to integrate (esp. if you are using something like AWS, Google Cloud, Heroku, etc.) but the closest we can get to out of the box is leaving a hook for one of those services to send a message. These also require capturing a communication address (phone, e-mail, device identifier) that aren't (and won't be) required for authentication and authorization. I'm not sure reset password even belongs in the framework proper, but as a separate package.
But it's still a good idea to track this issue here.
