I am currently making a "forgot password" feature for my project. I'm attaching a JWT to the end of the reset password link that expires after 10 minutes. But I also want that link to only be used once (right after they reset their password). At first I figured I would just update the token expiration once they update their password (stupid) but once I did that, I realized that the token wouldn't update their url or the url in their email! So I'm just wondering if anybody knows of a way to create a single use JWT. Hopefully I gave enough information on what I'm looking for. If not, feel free to ask me to expound. Thanks in advance!
via joshbang
No comments:
Post a Comment