Password reset not working after user logins


#1

I am using DreamFactory endpoint: /api/v2/user/password

The request that I am passing is:
{
“email”: “my_email”,
“new_password”: “test1001”,
“code”: “code_received_in_email”
}

I am getting an error message that the token is blacklisted. After the password reset email is triggered, the user logins to the system with the old password, and after that any new code generated gives the blacklisted error message. Any help or workaround?


#2

We fixed the problem. The problem was we were using PUT on /user/session to refresh the session token regularly. After we stopped using the PUT api call, DreamFactory started working fine. The PUT seems to be an undocumented API call for refreshing session tokens.


#3

Thanks for reporting back @vijayst, glad to hear you figured it out.

Best,
@AlexBowen


#4

We’re also using PUT to refresh the session token and we experience the token blacklisted issue when resetting the password.

Then how can you refresh the session token without using the PUT to “/user/session” endpoint?