Password Reset
The password reset page is step two of the recovery flow. Members arrive here by clicking the reset link in their email. The link contains a secure token that authenticates the request.
Flow
- Member clicks the reset link from their email — the URL contains a JWT token.
- The page decodes the token and extracts the member’s email address, displaying it in a read-only field.
- Member enters a new password that meets strength requirements.
- Clicks Reset password.
- A success message confirms the password was changed.
- Member navigates Back to sign in to log in with their new password.
Token validation
The page performs several checks on the JWT token:| Check | Behaviour if failed |
|---|---|
| Token missing | Redirects to login |
| Token malformed / invalid | Redirects to login |
| Token expired | Redirects to login |
Password requirements
The new password must meet the strength rules defined by your location’s validation schema. Members see real-time feedback as they type. A show/hide toggle is available for the password field.Page layout
| Side | Content |
|---|---|
| Left | ”Real Time Sync” illustration (hidden on mobile) |
| Right | Email display (read-only), password field, and submit button |