Password Reset Link is Invalid screen (v1) overview

๐Ÿ“˜

Looking for the Hosted Login v2 version of this screen? Then see Password Reset Link v2.


The resetPasswordCodeExchange screen is displayed when a user clicks an invalid reset password link (these links are emailed to users who click the Forgot Password? link on the sign-in screen and then supply a valid email address). Typically this screen appears because one of the following scenarios took place;

  • The reset password link has already been used: password reset links are for one-time use only. For example, suppose you click a reset password link then, for whatever reason, donโ€™t reset your password. A few minutes later, you click the reset password link again. When you do that, youโ€™ll see the resetPasswordCodeExchange screen. Thatโ€™s because the link has already been clicked once, even though you didnโ€™t do anything after clicking the link.

  • The reset password link has expired: by default, these links are only valid for 15 minutes. If 15 minutes is too long (or too short), you can modify the lifetime for a reset password link by using the recover_code_lifetime setting.


Reset password screenย flow

The following graphic shows how the resetPasswordCodeExchange screen fits into the Reset Password flo:


See also