Important: This is a contributors guide and NOT a user guide. Please visit these docs if you are using or evaluating SuperTokens.
Reset Password should verify email and link accounts
- Status: accepted
- Deciders: rishabhpoddar, bhumilsarvaiya
- Proposed by: rishabhpoddar
- Created: 2022-12-01
Context and Problem Statement
From a flow point of view, a successful password reset also proves that the user has verified their email. If the email is verified, then the account should be linked.
The question is: should the password reset API implicitly verify the email and link accounts?
Considered Options
- Password reset API should do both
- Password reset API should do neither
- Password reset API should only verify email
Decision Outcome
Option chosen: Password reset API should do both
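
A minimal in-memory model of the chosen option, added here as an illustration and not taken from the SuperTokens code base. All names (`users`, `tokens`, `add_user`, `create_reset_token`, `consume_reset_token`, `primary_id`) are hypothetical. It assumes that linking means sharing a primary id with an already verified account on the same email, and that the reset token only proves control of the address it was issued for.

```python
import hashlib, secrets, time

# Constructed in-memory stores; every name here is hypothetical.
users = {}   # user_id -> email, password, verified, primary_id
tokens = {}  # sha256(token) -> user_id, email, expires

def add_user(user_id, email, verified=False):
    users[user_id] = {"email": email, "password": None,
                      "verified": verified, "primary_id": user_id}

def create_reset_token(user_id, ttl=900):
    token = secrets.token_urlsafe(32)
    digest = hashlib.sha256(token.encode()).hexdigest()
    # Only the digest is stored, bound to the address the link is mailed to.
    tokens[digest] = {"user_id": user_id, "email": users[user_id]["email"],
                      "expires": time.time() + ttl}
    return token

def consume_reset_token(token, new_password):
    """Reset the password, then verify the email and link accounts.
    Returns the primary user id, or None if the token is not accepted."""
    digest = hashlib.sha256(token.encode()).hexdigest()
    entry = tokens.pop(digest, None)  # single use: removed on first lookup
    if entry is None or entry["expires"] < time.time():
        return None
    user = users[entry["user_id"]]
    salt = secrets.token_bytes(16)
    user["password"] = (salt, hashlib.pbkdf2_hmac(
        "sha256", new_password.encode(), salt, 100_000))
    # The reset proves control of the mailed address only (assumption):
    # if the account email changed since issuance, skip verify and link.
    if user["email"] != entry["email"]:
        return user["primary_id"]
    user["verified"] = True
    # Link to an existing verified account with the same email, if any.
    for other_id, other in users.items():
        if (other_id != entry["user_id"] and other["verified"]
                and other["email"] == user["email"]):
            user["primary_id"] = other["primary_id"]
            break
    return user["primary_id"]
```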