I had to use the “forgot password” function in my app and I noticed that the email I received stated that after logging in with the temporary password, I would be prompted to update my password.
But when I logged in I was taken straight to the home screen and not given any option to update my password.
Is being prompted to update the password a function that’s supposed to happen automatically or am I supposed to build it? And if I need to build it, can I then edit the password reset email to give the user instructions customized for my app?
I had the same issue. On top of that, my app is entirely in Dutch, so the default password reset screen being in English didn’t fit at all.
You can ask ChatGPT how to build a custom setup. It can help you create a flow where the user receives a random code to reset their password. That’s what I did, and it worked really well.
Now the whole reset flow matches the theme of my app, including the fonts, background, and overall styling.
There should be a screen to enter the new password. What are the actions in the login form? Link direct to the home screen where no screen actions or link to a loading/re-direct screen where it directs to several screens based on the conditions?
Not editable yet but you can build your own flow as Steven said, like @Victor did below!
I think I’ve got the flow right now. It’s helpful that Adalo already sends users an email with a temporary password. So I opted for just building a way to reset it in the app and then putting a brief message on the Log In screen telling users where to do it.
Not 100% sure, but this approach might have some security concerns long term.
It works, yes — but if your app grows, this could potentially expose user data. From what you described, it sounds like the app might be accessing user records (emails + temp passwords) in a way that’s available even when the user isn’t authenticated.
If that’s the case, someone with the right knowledge could potentially:
Query that data
Get access to another user’s email + temp password
And reset their account
Again, I might be off depending on how you’ve set it up, so feel free to correct me — but it’s something I’d be careful with, especially as your user base grows
