Skip to content

bug(settings,auth): Password reset flow breaks after entering invalid ARK#20113

Draft
dschom wants to merge 1 commit intomainfrom
worktree-FXA-13162
Draft

bug(settings,auth): Password reset flow breaks after entering invalid ARK#20113
dschom wants to merge 1 commit intomainfrom
worktree-FXA-13162

Conversation

@dschom
Copy link
Contributor

@dschom dschom commented Feb 26, 2026

Because

  • When a user provides an invalid account recovery key, the flow would break.
  • At this point, the password reset token has been exchanged and was no longer valid

This pull request

  • Allows auth endpoints to accept a password forgot token or account reset token
  • Passes the account reset token as 'token' in location state
  • Introduces the 'kind' field, to signal if token is a account reset or password forgot token.
  • Cleans up some cruft in auth client
  • Brings account reset token and password forgot into alignment (same shape)

Issue that this pull request solves

Closes: (issue number)

Checklist

Put an x in the boxes that apply

  • My commit is GPG signed.
  • If applicable, I have modified or added tests which pass locally.
  • I have added necessary documentation (if appropriate).
  • I have verified that my changes render correctly in RTL (if appropriate).

Screenshots (Optional)

Please attach the screenshots of the changes made in case of change in user interface.

Other information (Optional)

Pushing up early. New functional tests pass! But still tinkering with some existing test cases. Feel free to give preliminary review.

@dschom dschom force-pushed the worktree-FXA-13162 branch 2 times, most recently from 2253566 to 8defcf6 Compare February 26, 2026 22:24
@dschom
bug(settings,auth): Password reset flow breaks after entering invalid…
06820c7 
… ARK

Because:
- When a user provides an invalid account recovery key, the flow would break.
- At this point, the password reset token has been exchanged and was no longer valid

This Commit:
- Allows auth endpoints to accept a password forgot token or account reset token
- Passes the account reset token as 'token' in location state
- Introduces the 'kind' field, to signal if token is a account reset or password forgot token.
- Cleans up some cruft in auth client
- Brings account reset token and password forgot into alignment (same shape)
@dschom dschom force-pushed the worktree-FXA-13162 branch from 8defcf6 to 06820c7 Compare February 27, 2026 17:17
@dschom dschom mentioned this pull request Feb 27, 2026
Merged
4 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@dschom