我正在开发与next/auth登录系统,并有凭据记录系统实现仅邀请系统。是否有办法将重置密码链接添加到生成的/api/auth/signin页面?
您最好创建自己的自定义登录页面(https://next-auth.js.org/configuration/pages),然后您可以在其中添加"重置密码";您想要的功能
我看到并使用了与此相似的一个。也许这对你有帮助。
- 从我的后端发送一个帖子来创建一个新的auth0用户。此时,auth0用户。email_verified = false.
- 发送帖子,为新用户触发密码重置邮件。
{% if user.email_verified == false %}
<h1>Invitation to our awesome app</h1>
<p>Please verify your email address and set your initial password by clicking the following link:</p>
<p><a href="{{ url }}">Confirm my account</a></p>
{% else %}
<h1>Password Change Request</h1>
<p>You have submitted a password change request. </p>
<p>If it wasn't you please disregard this email and make sure you can still login to your account. If it was you, then to <strong>confirm the password change <a href="{{ url }}">click here</a></strong>.</p>
{% endif %}
<p>If you have any issues with your account, please don’t hesitate to contact us at 1-888-AWESOMECO.</p>
<br>
Thanks!
<br>
- 在密码重置电子邮件模板上配置重定向,以便当用户点击邀请链接时,他们将被提示重置密码,然后他们将被重定向到我们的应用程序,然后要求他们登录
- 我添加了一个auth0规则来设置email_verified = true在第一次登录/密码重置(这是一个可以选择)
}
if (user.email_verified || !user.last_password_reset) {
return callback(null, user, context);
}
// Set email verified if a user has already updated his/her password
request.patch({
url: userApiUrl + user.user_id,
headers: {
Authorization: 'Bearer ' + auth0.accessToken
},
json: { email_verified: true },
timeout: 5000
},
function(err, response, body) {
// Setting email verified isn't propagated to id_token in this
// authentication cycle so explicitly set it to true given no errors.
context.idToken.email_verified = (!err && response.statusCode === 200);
// Return with success at this point.
return callback(null, user, context);
});
}
下次我们需要向他们发送密码重置电子邮件时,它将使用模板的"现有用户"风格
邀请邮件pw重置链接有一个可配置的TTL -默认为5天。因此,如果他们不接受邀请,它最终会超时(如果需要,我们可以发送另一个)