Consistently getting "invalid token data" when trying to reset user password

I’m trying to implement password reset in my iOS app. Upon user request, I call the following (Swift) code in the app:

let realmApp = App(id: REALM_ID)
realmApp.emailPasswordAuth.callResetPasswordFunction(email: "emailEnteredByUser", password: "password", args: [], completion)

My password reset function is the following:

exports = async function({ token, tokenId, username, password }) {
  const ses ='AmazonSES').ses("us-east-2");
  const link = `https://.../reset_password?lang=en&token=${token}&tokenId=${tokenId}`;

  // send custom email with link using Amazon SES
  const result = await ses.SendTemplatedEmail({...});

  return { status: 'pending' };

I don’t use the password sent by the app (which I literally fill with "password") for security reasons, because I have no way to authenticate the user.

The link to my website points to a JS script that looks like this:

// get parameters
const params = new URLSearchParams(;
const lang = params.get("lang");
const token = params.get("token");
const tokenId = params.get("tokenId");

const passwordField = document.getElementById("fpassword");


function confirmButtonWasClicked() {
	const app = new Realm.App({ id: REALM_ID });
	app.emailPasswordAuth.resetPassword(passwordField.value, token, tokenId).then(
		(value) => {
		(error) => {

The problem is, I get the following error every single time I try to reset the password:
Request failed (POST invalid token data (status 400)

I’m using:
RealmSwift v10.7.2
Realm-web@1.2.0 (