How does it work on the back-end?

After the user submits their e-mail in step 2, we query the database to identify the user. If the user doesn't exist, then an error is returned.

If the user exists, we create a reset token which is simply a randomly generated string like 9e5bf4a8-66b8-433e-b91c-6382c1a25f00. This token is saved to the user's row in the database.

In step 3, we build an e-mail message with a link containing the token:

https://mywebapp.com/reset?token=9e5bf4a8-66b8-433e-b91c-6382c1a25f00

The reset page is able to identify the user based on the token in the URL.

In step 4, submitting the reset password form updates the user's password hash in the database. It's good practice to clear the reset token from the database once the new password is set. This prevents the link from being used multiple times.
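
The token lifecycle from steps 2 to 4, as an added Java example that is not the tutorial's own code: an in-memory map stands in for the users table, and the class, method and field names are hypothetical. The new password hash is assumed to be computed elsewhere and is passed in as a string.

```java
import java.util.HashMap;
import java.util.Map;
import java.util.Optional;
import java.util.UUID;

// Added example: in-memory stand-in for the users table (all names are hypothetical).
public class ResetTokenDemo {
    static class User {
        final String email;
        String passwordHash;
        String resetToken; // null when no reset is pending
        User(String email, String passwordHash) { this.email = email; this.passwordHash = passwordHash; }
    }

    static final Map<String, User> usersByEmail = new HashMap<>();

    // Step 2: identify the user by e-mail and save a fresh random token on their row.
    static Optional<String> createResetToken(String email) {
        User user = usersByEmail.get(email);
        if (user == null) return Optional.empty(); // unknown e-mail: caller returns the error
        user.resetToken = UUID.randomUUID().toString(); // version 4 UUID from a strong RNG
        return Optional.of(user.resetToken);
    }

    // Step 3: the link that goes into the e-mail message.
    static String resetLink(String token) {
        return "https://mywebapp.com/reset?token=" + token;
    }

    // Step 4: identify the user by token, store the new hash, then clear the token.
    static boolean resetPassword(String token, String newPasswordHash) {
        if (token == null || token.isEmpty()) return false; // must never match rows with no pending reset
        for (User user : usersByEmail.values()) {
            if (token.equals(user.resetToken)) {
                user.passwordHash = newPasswordHash;
                user.resetToken = null; // the link stops working after one use
                return true;
            }
        }
        return false;
    }

    public static void main(String[] args) {
        // Constructed sample data.
        usersByEmail.put("alice@example.com", new User("alice@example.com", "<old-hash>"));
        String token = createResetToken("alice@example.com").orElseThrow(IllegalStateException::new);
        System.out.println(resetLink(token));
        System.out.println("first use accepted:  " + resetPassword(token, "<new-hash>"));
        System.out.println("second use accepted: " + resetPassword(token, "<new-hash>"));
        System.out.println("unknown e-mail gets token: " + createResetToken("bob@example.com").isPresent());
    }
}
```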

Maven Project

Our Maven project needs the following dependencies. These are defined in the pom.xml file inside the project.