WordPress Password Reset Flow For Expo App

I’m currently working on my first React Native (RN) application intended for the public. The app is built using Expo’s Managed Workflow, allowing me to focus almost entirely on React code (which is great).

The e-commerce application involves users signing in before they can place orders. If users forget their passwords, which some inevitably will, the app needs to conveniently allow them to reset their passwords.

I couldn’t find detailed or particularly helpful information on resetting passwords in a headless WordPress setup. Therefore, below, is a summary of the steps to implement a password reset flow in your RN application using Expo.

  1. Create a screen with a password reset request form.
  2. Create a custom WordPress endpoint that will invoke the retrieve_password function.
  3. Add handling of the slug “wp-login.php” in your app so that clicking the link in the reset email opens your app.
  4. Specifically, clicking the link in the password reset email should open a password reset screen with a reset form in your application and temporarily store the password reset key (stored automatically in route params). You can learn about using app/universal links to open your app from a standard web URL in the Expo Deep linking documentation.
  5. When the form is submitted, a request should be sent to another custom WordPress endpoint to save the new password. The request should succeed ONLY if a valid reset key (“user_activation_key”) is sent along with the request.

Pro tip: There is no need to delete the “user_activation_key” on your own. The key will either expire or be removed when the password is changed/reset or when a new password reset key is added.

The plan is to add more and more details to this article as I build my app. Hopefully, more details will be added in the near future. Check back later! Thanks for reading …

Leave a Comment

Your email address will not be published. Required fields are marked *