Auth / Recovery

Keep recovery neutral and private.

Recovery is routed through the Java auth API and kept neutral so the UI does not expose account existence.

  • Only the email field is required for the current backend flow.
  • The UI does not expose whether an account exists for the submitted address.
  • Reset completion now lives on the dedicated `/auth/reset-password` route without changing this entry step.

Password recovery

Connected to the forgot-password endpoint with a neutral success response.

Recovery responses stay neutral so the flow does not reveal whether an account exists.

If the address belongs to an account, the backend can continue the reset process without exposing account existence in the UI.
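A minimal sketch of the neutral forgot-password behaviour described above, as an added example that is not the project's own code. The class, record, message text and in-memory stores are hypothetical stand-ins for the Java auth API's real handler, user store and mail queue.

```java
import java.security.SecureRandom;
import java.util.Base64;
import java.util.HashMap;
import java.util.Locale;
import java.util.Map;
import java.util.Set;

// Added illustration; every name here is hypothetical, not the project's API.
public class NeutralRecovery {
    record Response(int status, String body) {}

    // One response object for every well-formed request (message text is constructed).
    static final Response NEUTRAL = new Response(200,
        "{\"message\":\"If the address belongs to an account, a reset link has been sent.\"}");
    static final Response BAD_INPUT = new Response(400, "{\"message\":\"Enter a valid email address.\"}");

    private final Set<String> accounts;                         // stand-in for the user store
    final Map<String, String> pendingTokens = new HashMap<>();  // stand-in for token store / mail queue
    private final SecureRandom rng = new SecureRandom();

    NeutralRecovery(Set<String> accounts) { this.accounts = accounts; }

    Response forgotPassword(String email) {
        // Format validation depends only on the input, so it cannot leak account state.
        String key = email == null ? "" : email.trim().toLowerCase(Locale.ROOT);
        if (!key.matches("[^@\\s]+@[^@\\s]+")) return BAD_INPUT;
        if (accounts.contains(key)) {
            byte[] raw = new byte[32];
            rng.nextBytes(raw);
            // The token goes to the mailbox owner only; it never appears in the HTTP response.
            pendingTokens.put(key, Base64.getUrlEncoder().withoutPadding().encodeToString(raw));
        }
        // Same status and body whether or not the account exists.
        return NEUTRAL;
    }

    public static void main(String[] args) {
        NeutralRecovery api = new NeutralRecovery(Set.of("alice@example.test")); // constructed data
        Response known = api.forgotPassword("alice@example.test");
        Response unknown = api.forgotPassword("nobody@example.test");
        System.out.println("identical responses: " + known.equals(unknown));
        System.out.println("tokens issued: " + api.pendingTokens.keySet());
    }
}
```

Identical bodies do not equalize response time, so a real handler would hand mail delivery to a background queue to keep the two branches comparable in duration.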