I am trying to implement a reset password flow with devise token auth gem: https://github.com/lynndylanhurley/devise_token_auth
The end client will be a mobile device (e.g. iOS, Android). I am uncertain as to how the native clients will be able to catch the url to reset password and display a password form through deep linking. Here are the general steps as I understand them:
- Fire a POST to `auth/password` with an email and `redirect_url`
- This will send an email with a link to reset the password and an included `reset_password_token` query param.
- Clicking on the link fires a GET to `auth/password/edit`
- This GET then fires an HTTP 302 redirect to the `redirect_url` sent in the first request with the `reset_password_token` in the query params. The `redirect_url` should route to the form intended to display a password field to reset a user's password. On mobile clients, ideally this would be handled as a deep link.
I am confused as to how the mobile apps will handle step 4. I heard it's difficult to deep link in a native app through a 302 redirect/may not be possible. Is there a part of the flow I am misunderstanding perhaps? I'd appreciate any clarity on how I can implement this flow successfully for mobile clients.
For reference here is the guide I am following from the official docs: https://devise-token-auth.gitbook.io/devise-token-auth/usage/reset_password
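Step 4 of the flow above, modelled from both sides as an added example (not part of the original post and not devise_token_auth's own code). It shows the server building the 302 `Location` only for an allowed `redirect_url`, and the app's deep-link handler reading the token back out. The `myapp` scheme, the hosts, the allowlist and both function names are assumptions made for illustration.

```ruby
require "uri"

# Assumption: targets the server is willing to redirect to.
# "myapp" is a hypothetical custom scheme registered by the mobile app.
ALLOWED_REDIRECTS = [
  { scheme: "myapp", host: "reset-password" },
  { scheme: "https", host: "app.example.com" }
].freeze

# Server side of step 4: build the Location header for the 302 response.
# Returns nil when redirect_url is not an allowed target, so the token
# is never appended to an address the app does not control.
def reset_redirect_location(redirect_url, reset_password_token)
  uri = URI.parse(redirect_url)
  allowed = ALLOWED_REDIRECTS.any? do |t|
    t[:scheme] == uri.scheme&.downcase && t[:host] == uri.host&.downcase
  end
  return nil unless allowed

  # Keep any query params the client sent and append the token.
  params = URI.decode_www_form(uri.query.to_s)
  params << ["reset_password_token", reset_password_token]
  uri.query = URI.encode_www_form(params)
  uri.to_s
rescue URI::InvalidURIError
  nil
end

# Client side of step 4: what the app's deep-link handler has to do
# once the OS hands it the opened URL.
def token_from_deep_link(opened_url)
  uri = URI.parse(opened_url)
  URI.decode_www_form(uri.query.to_s).to_h["reset_password_token"]
end

# Constructed sample values, not real tokens or hosts.
location = reset_redirect_location("myapp://reset-password?src=email", "tok123")
puts location
puts token_from_deep_link(location)
puts reset_redirect_location("https://evil.example/collect", "tok123").inspect
```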