Due to an oversight, it's currently only possible to use recovery codes / account reset links to regain access to the account, but not to reset your credentials once authenticated (as changing your password at that point requires your current password to be provided).
To solve this, I'll change the way account recovery works. Instead of directly authenticating the user and sending them to the account settings page, I will make it so that the user enters a "confirmed recovery state" (similar to the 2FA challenges) where the user can then (depending on the account type) either register a new passkey, or choose a new password.
Once a new credential has been registered and the recovery mode cleared, the user will be returned to the login page.
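A sketch of the recovery flow proposed above, as an added example that is not the project's own code: redeeming a recovery code puts the session into a confirmed recovery state rather than logging the user in, and the only permitted action there is registering a credential of the account's type. All names (`State`, `Session`, `Account`, the `/login` path) are hypothetical, and credential storage is reduced to an opaque string.

```python
import hmac
from dataclasses import dataclass, field
from enum import Enum
from typing import Optional

class State(Enum):
    ANONYMOUS = "anonymous"
    RECOVERY_CONFIRMED = "recovery_confirmed"   # analogous to a pending 2FA challenge
    AUTHENTICATED = "authenticated"

@dataclass
class Account:
    kind: str            # "password" or "passkey" (assumed account types)
    credential: str      # stands in for a password hash or passkey public key
    recovery_codes: set = field(default_factory=set)

@dataclass
class Session:
    state: State = State.ANONYMOUS
    account: Optional[Account] = None

def redeem_recovery_code(session: Session, account: Account, code: str) -> bool:
    """A valid code is consumed and moves the session into recovery, not into a login."""
    match = next((c for c in account.recovery_codes
                  if hmac.compare_digest(c.encode(), code.encode())), None)
    if match is None:
        return False
    account.recovery_codes.discard(match)        # recovery codes are single use
    session.state, session.account = State.RECOVERY_CONFIRMED, account
    return True

def can_access_settings(session: Session) -> bool:
    # Account settings stay closed while the session is only in recovery state.
    return session.state is State.AUTHENTICATED

def register_new_credential(session: Session, kind: str, value: str) -> str:
    """Allowed only in recovery state and needs no current password; returns the next page."""
    if session.state is not State.RECOVERY_CONFIRMED:
        raise PermissionError("session is not in confirmed recovery state")
    if kind != session.account.kind:
        raise ValueError("credential type does not match the account type")
    session.account.credential = value
    # Clear recovery mode; the user must now log in with the new credential.
    session.state, session.account = State.ANONYMOUS, None
    return "/login"
```
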