Your sign-in screen doesn’t have a Forgot Password link

Sometimes users come to your site only to realize that they don’t remember their password. And that’s fine; in that case, all they have to do is click Forgot Password? and they’ll be emailed instructions on how they can create a new password:

That’s a service that’s very handy and, for better or worse, a service that’s often used. But what happens if there’s no Forgot Password? link anywhere on your sign-in screen:

Let’s start with the obvious ramification: if this happens users won’t be able to reset their passwords, which means that those users won’t be able to login. That leads to an equally-obvious question: why don’t we have a Forgot Password? link on our sign-in screen?

To begin with, it’s possible that you could have inadvertently hidden your Forgot Password? link while changing the text of your sign-in screen or while adding a custom CSS stylesheet. Most likely, however, the problem is this: your application client doesn’t include the password_recover_url setting:

If this setting isn't configured then users can’t reset their passwords without logging on. Because of that, the Forgot Password? link is automatically suppressed. It’s that simple.

To fix the problem, add the password_recover_url setting to your application client. When adding this, create the actual URL by using this formula:

{identityDomain}/{customerId}/auth-ui/reset-password?client_id={oidcClientId}

For example, suppose your identityDomain URL is https://v1.api.us.janrain.com, your customer ID number is 01000000-0000-3000-9000-000000000000, and your confidential/public client ID is 07e4b6e4-4a6f-4825-94fe-8a7bc57196c1. In that case, the password_recover_url should be set to this:

https://v1.api.us.janrain.com/01000000-0000-3000-9000-000000000000/auth-ui/reset-password?client_id=07e4b6e4-4a6f-4825-94fe-8a7bc57196c1

That should restore the Forgot Password? link: