Skip to main content

Customising the reset password email

The default email#

  • From: [email protected], but the user will see your app name
  • Subject: Reset password instructions

This is achieved by calling an API provided by us (https://api.supertokens.io). The backend SDK calls our API with the password reset link, app name and the email of the end user.

security
  • We do not log / store any of this information in our servers.
  • For production use, we recommend that you use the feature to send emails yourself, using your own domain. This will make it easier for end users to trust the email (since it's coming from your domain, and not from @supertokens.io)

Send a custom email#

You can take full control of sending a password reset email by providing the createAndSendCustomEmail function during the init function call:


supertokens.init({    supertokens: {...},    appInfo: {...},    recipeList: [        ThirdPartyEmailPassword.init({            resetPasswordUsingTokenFeature: {                createAndSendCustomEmail: async (user, passwordResetURLWithToken) => {                    let {id, email} = user;                    // TODO:                }            }        }),        Session.init()    ]});
  • You can get the user's email via the user input param.
  • Your email must direct the user to open the passwordResetURLWithToken link. This link is a full URL, with the password reset token. It points to the password reset page on your website (/auth/reset-password by default).
  • Any errors thrown from this function will be ignored.
  • The function will be called each time the user clicks on the button to send a password reset email.
important

When using this callback, you must manage sending the email yourself.