Password reset not working after user logins

vijayst · August 31, 2016, 9:39am

I am using DreamFactory endpoint: /api/v2/user/password

The request that I am passing is:
{
“email”: “my_email”,
“new_password”: “test1001”,
“code”: “code_received_in_email”
}

I am getting an error message that the token is blacklisted. After the password reset email is triggered, the user logins to the system with the old password, and after that any new code generated gives the blacklisted error message. Any help or workaround?

vijayst · September 1, 2016, 10:05am

We fixed the problem. The problem was we were using PUT on /user/session to refresh the session token regularly. After we stopped using the PUT api call, DreamFactory started working fine. The PUT seems to be an undocumented API call for refreshing session tokens.

DFCommunityManager · September 1, 2016, 2:43pm

Thanks for reporting back @vijayst, glad to hear you figured it out.

Best,
@AlexBowen

rbarriuso · September 7, 2016, 7:54am

We’re also using PUT to refresh the session token and we experience the token blacklisted issue when resetting the password.

Then how can you refresh the session token without using the PUT to “/user/session” endpoint?

Topic		Replies	Views
Unable to change or reset password Authentication & Security	2	2483	October 17, 2017
Session token previously blacklisted on refresh Authentication & Security	5	4753	January 3, 2017
Сan not update the password REST API	7	3940	September 27, 2017
Is there a way refresh session/token? REST API	2	2573	June 29, 2015
Reset Password Issue REST API	4	2612	September 18, 2014

Password reset not working after user logins

Related topics