Unable to change or reset password


#1

DreamFactory Version: 2.3.0 hosted on Google Cloud

I am having trouble with resetting user passwords. Initially, I thought it was a problem with my custom password reset page that gets linked from the email. I get error 500, “Error processing password reset. The token has been blacklisted” but I have the same problem from user management in the DF admin console. “Api Error
Failed to update resource: The token has been blacklisted”

If I create the user manually in the console I can change the password no problem…but once I login via my app I can no longer change it as I receive the error above.

Any suggestions?


#2

I did a lot of research on this in the last few hours. My findings around DF JWT are below.

https://github.com/dreamfactorysoftware/df-core/issues/31
https://github.com/dreamfactorysoftware/df-core/issues/32

I would be very happy if @drewpearce could provide some details about the JWT implementation since I do not know php very well at all.


#3

I have found that if you ‘Flush System-wide Cache’ from DF Admin Config, the password reset will then work without the token blacklisted error.

After the password reset is complete, you must flush the cash again, otherwise every subsequent API call by that user will also throw the blacklisted error.

Any ideas how to make sure old tokens are not saved in cache?