Password Reset Flow for Django React Native scaffold

Copied from #tech-support

Hey guys, I’m working on ***********************************. I have a question regarding the password reset flow. The project is using the following packages:

django-allauth = “~=0.42.0”
django-rest-auth = “~=0.9.5”

Everything works as its supposed to. The /rest-auth/password/reset/ endpoint accepts an email parameter and sends the password reset email with the token. If we click the link in the email, it takes you to the password reset page. However, if I wanna do this through the REST API. The /rest-auth/password/reset/confirm/ endpoint accepts a uid and token parameter in addition to the new password. The URL received in the password reset email looks like /accounts/password/reset/key/o-5nv-b4c83b033415c78abffe/ . The documentation suggests that the email will return something like /{uid}/{token}/ which we can separate from the URL and use on the frontend. But this is not the case.Now, what I wanna know, is do we decode the token on the frontend and separate the values? Usually this flow works just works out of the box and doesn’t require any customization so what am I missing here?

I will try to update the packages and see if that changes anything. Also, package django-rest-auth is not maintained anymore so maybe its not a good idea to use it in your scaffolds.

The user flow is

  • step 1: user input the email in reset form in react-native app
  • step 2: user open the reset password link in browser and input old/new/confirm password
  • step 3: user login with new password in react native app

For this specific project, the password reset screen has to be opened inside the react native app and not the browser. For that to happen, the frontend developer needs the UID and TOKEN which is passed to the /reset/confirm endpoint.