Hi,
I’m in the process of migrating to Realm 10.0.
I used to have realm functionality for reseting password. That looks to be gone. I now need to implement something myself, maybe handle the reset in an app deep link. Is that correct?
I also have the same problem here.
iOS. Simply put I cannot enable Email/Passowrd authentication provider without providing a password reset URL. Which unless I am misunderstanding means I have to handle the reset myself.
Hi @donut & @Panashe_Makomo,
in the Realm UI, you can select to use a Realm function for password resets rather than an email + reset URL:
If you opt to create a new reset function, the template includes comments with the required boilerplate code – which you can use or build upon.
You can invoke the reset function from the mobile iOS app by calling callResetPasswordFunction (EmailPasswordAuth Extension Reference)
I see this option, but I don’t understand. Without an email sent, how does one reset his own password?
I think the function will be invoked from the client sdk, wehn you run the client sdk code. However i also have the same issue that the functions are not working. I am using Android btw.
Your app (e.g. through a web page) is responsible for deciding whether or not the user requesting the reset is really who they claim to be – the assumption being that the user may have lost their password.
The simplest option to implement is to have Realm send the confirmation email - in which case, you have to provide the target web page where the user can be reset (or for a mobile app, you can provide a deep/universal link so that it’s your app that does the reset.)
If you don’t want the automated email then you can provide a Realm function instead which can handle the confirmation howere you like. The function will indicate the result as either:
- failed
- pending - (the user has (in a way that you decide) notified of the reset request). The app can then execute the password reset once the user has confirmed
- success - the Realm function has changed the password (e.g. the app could have provided a reset code when calling the function that this function checks against the database before changing the password).
The docs have more details: https://docs.mongodb.com/realm/authentication/email-password/#run-a-password-reset-function
1 Like
Dear Andrew,
For the option where we get Realm to send the confirmation email, is there a sample of a simple target web page that we can use for this purpose? I am not very sure what is the role of this web page and how to go about linking the page to the password reset process.
Thank you.
2 Likes
Hi Could anybody give a sample target webpage to reset the password? I got the error “This XML file does not appear to have any style information associated with it. The document tree is shown below.” Also the xml expires date has expired.
1 Like
Hao_Ming,
There is a lot of work behind the scenes that you will have to do! I also struggled with this for a few days. I am posting here to help anyone else who is searching for a solution to how to implement password reset with the email option. The doc’s are not very clear and the examples provided are sometimes very difficult to follow.
I eventually figured out how this all works following Andrew’s suggestion.
In order to do this you should have a basic understanding of the following:
- How to create a universal link for you iOS app.
- How to create a deep link for your iOS app.
- Handling deeplinks with .onOpenURL for swiftui.
- How url parameters work.
Essentially what happens is when your app user request a password reset, an email is sent to the users email account. That email will have a link to website, that you provide. Within the url of that link, there is a token parameter added and a tokenId parameter added to the complete url address.
When you set up your app with universal link, it essentially allows your app to open automatically when the link is clicked on. So when the user requesting a password reset, clicks on the verification email, the universal link will automatically open the iOS app.
When the app opens, you can use .onOpenURL to perform what ever actions you want, including using the token parameter and the tokenId parameter that was in the URL sent from the email. With the token parameter and the tokenId parameter available, you can now use these values and pass them to the function, along with a new password to use.
await app.emailPasswordAuth.resetPassword(token, tokenId, "newPassword");
This function will update the users password provided the token and tokenId have not expired, I believe they expire after 30 mins.
Hello Andrew,
I am able to successfully reset a password with the confirmation email being sent and a deep link/universal link to my iOS app.
How do you normally handle the reset when the universal link does not open the app? For example, the user is getting the confirmation email on a pc, that does not have an iOS app installed.
Thanks.
1 Like
Hello there,
I was just wondering about the URL to reset the App password for Atlas MongoDB? I created the email and extracted the token and tokenId via my Angular App. Now I want to reset the password, but I don’t know the URL. Here is my class =>
import { Injectable } from ‘@angular/core’;
import { HttpClient } from ‘@angular/common/http’;
@Injectable({
providedIn: ‘root’
})
export class PasswordResetService {
private apiUrl = ‘https://services.cloud.mongodb.com/’;
constructor(private http: HttpClient) { }
completeResetPassword(password: string, token: string, tokenId: string) {
const resetData = {
password: password,
token: token,
tokenId: tokenId
};
return this.http.post(`${this.apiUrl}`, resetData);
}
}
Can someone help.
Cheers
Cubx