Auth / Reset

Finish recovery with one controlled step.

This route completes the backend reset flow using the issued recovery token and a new password that satisfies the Java auth contract.

  • Reset tokens are validated only by the Java auth API, not by the browser.
  • The form supports deep-link tokens through the query string for email-based flows.
  • After success, the user returns to the standard login flow with the new credentials.

Reset password

Current backend contract: reset token plus a new password with a minimum length of 8 characters.

Use the token delivered through your recovery workflow.
Use a new unique password. Chrome and other password managers can suggest a strong one here.
Back to loginNeed help?

Successful reset does not sign the user in automatically. After completion, continue through the standard login flow with the new password.