    For the Forgot Password workflow, instead of a clickable email link can we use a one-time generated number for the user to type in?

      Alex Patterson

      For the Forgot Password workflow, instead of a clickable email link, can we use a one-time generated number for the user to type in? I believe it would require custom work in at least two places; I just can’t find an example online of how to do this:

      1. in the Forgot Password email template we would display the generated one-time number (ex. 1234)
      2. on the “Forgot password sent” screen we would display input for the user to enter the number (see mock screenshot below), to be verified on entry and if successful sent to the “Change password form” screen
        Alex Patterson

        It is possible to configure in this way.
        You can customize the forgot password email template to display the generated changePasswordId rather than using it as part of the URL.

        Two pages will need to be customized for the theme:

        1. Forgot password sent - update this to forward the user to the “Change password form” page. One option to perform this redirect is to use a meta refresh tag.
        2. Change password form - the default template uses a hidden element to submit the changePasswordId. You can use another form field that the user fills out to submit the code.

        FusionAuth hosted pages will require the verification code and updated password to be submitted on the Change Password form page.
        Please also note the potential security implications of shortening the verification code to 4 digits instead of the default 32 encoded bytes.
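
The trade-off named in the last sentence of the answer above, worked through as an added example (not part of the original post and not FusionAuth code): how likely a guess is to succeed against a 4-digit code compared with a 32-byte identifier, and how many digits a numeric code needs to meet a chosen risk target. It assumes uniformly random codes; the limit of 5 attempts per code and the 1000 pending resets are constructed values, since the page does not say what limits apply.

```python
"""Added example: guessing risk of a short numeric reset code vs. a 32-byte one."""
import math
from fractions import Fraction

def guess_probability(keyspace: int, attempts: int) -> Fraction:
    """Chance that `attempts` distinct guesses hit one uniformly random code."""
    return Fraction(min(attempts, keyspace), keyspace)

def any_account_probability(keyspace: int, attempts: int, accounts: int) -> Fraction:
    """Chance that at least one of `accounts` pending reset codes is guessed."""
    miss = 1 - guess_probability(keyspace, attempts)
    return 1 - miss ** accounts

def min_digits(attempts: int, accounts: int, max_risk: Fraction) -> int:
    """Smallest numeric code length that keeps the risk at or below max_risk."""
    if max_risk <= 0:
        raise ValueError("max_risk must be positive")
    digits = 1
    while any_account_probability(10 ** digits, attempts, accounts) > max_risk:
        digits += 1
    return digits

FOUR_DIGITS = 10 ** 4     # the 4-digit code from the question
DEFAULT_ID = 256 ** 32    # 32 bytes, assumed here to be uniformly random

if __name__ == "__main__":
    # Constructed scenario: 5 tries allowed per code, 1000 resets pending at once.
    for name, space in (("4 digits", FOUR_DIGITS), ("32 bytes", DEFAULT_ID)):
        one = float(guess_probability(space, 5))
        many = float(any_account_probability(space, 5, 1000))
        print(f"{name}: {math.log2(space):.1f} bits, one account {one:.3g}, "
              f"any of 1000 accounts {many:.3g}")
    print("digits needed for 1-in-a-million risk:",
          min_digits(5, 1000, Fraction(1, 10 ** 6)))
```

The per-code attempt limit and the code lifetime drive the result as much as the code length does, so a short code only makes sense when both are tightly bounded.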
