
Creating Secure Password Resets With JSON Web Tokens

When a user of your application has forgotten their password, it can and should be reset securely. To accomplish a secure password reset, I will demonstrate how to use JSON Web Tokens (JWT) to generate a URL-safe token. The JWT contains encoded information about the user along with a signature; when the token is decoded, the signature is validated to ensure that the token has not been tampered with.

Once the JWT is validated, your application can securely allow the user to generate a new password, instead of sending them their forgotten one.
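
The sign-then-validate flow described above, as an added example that is not code from the original article: it builds an HS256 JWT with Node's built-in `crypto` module and rejects tokens that are tampered with, expired, or signed with another key. The function names, the `purpose` claim, the 15-minute lifetime, the secret and the `app.example` URL are assumptions made for illustration.

```javascript
// Added example: HS256 password-reset tokens using only Node's crypto module.
const crypto = require('node:crypto');

const b64url = (data) => Buffer.from(data).toString('base64url');
const sign = (input, secret) =>
  crypto.createHmac('sha256', secret).update(input).digest();

// Issue a short-lived token bound to one user and one purpose.
function createResetToken(userId, secret, nowSec, ttlSec = 900) {
  const header = b64url(JSON.stringify({ alg: 'HS256', typ: 'JWT' }));
  const payload = b64url(JSON.stringify({
    sub: userId, purpose: 'password-reset', iat: nowSec, exp: nowSec + ttlSec,
  }));
  const signingInput = `${header}.${payload}`;
  return `${signingInput}.${b64url(sign(signingInput, secret))}`;
}

// Returns the claims if the token is authentic and unexpired, otherwise null.
function verifyResetToken(token, secret, nowSec) {
  const parts = String(token).split('.');
  if (parts.length !== 3) return null;
  const [header, payload, signature] = parts;
  // Check the signature before trusting anything inside the token.
  const expected = sign(`${header}.${payload}`, secret);
  const given = Buffer.from(signature, 'base64url');
  if (given.length !== expected.length ||
      !crypto.timingSafeEqual(given, expected)) return null;
  let head, claims;
  try {
    head = JSON.parse(Buffer.from(header, 'base64url').toString('utf8'));
    claims = JSON.parse(Buffer.from(payload, 'base64url').toString('utf8'));
  } catch { return null; }
  // Pin the algorithm and purpose, then enforce expiry.
  if (head.alg !== 'HS256' || claims.purpose !== 'password-reset') return null;
  if (typeof claims.exp !== 'number' || nowSec >= claims.exp) return null;
  return claims;
}

// Constructed sample values (not real secrets or users).
const SECRET = 'constructed-demo-secret-do-not-reuse';
const NOW = 1700000000;
const token = createResetToken('user-42', SECRET, NOW);
console.log(`https://app.example/reset?token=${token}`);
console.log(verifyResetToken(token, SECRET, NOW + 60));
```

The signature only proves the token was issued by the holder of the secret; making a token single-use requires server-side state or a secret that changes when the password does, which this example does not cover.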

The post Creating Secure Password Resets With JSON Web Tokens appeared first on Smashing Magazine.
