
Password reset flow

Industry-standard, timing-safe, single-use.

Request + confirm endpoints. Responses are constant-shape and constant-time via BackgroundTasks (email dispatch happens after response flush) so email enumeration is impossible. Prior unconsumed tokens invalidated on successful reset. All sessions revoked.

Preview

[Mockup of the dashboard view for this feature, "z4j dashboard — Password reset flow": a "Reset your password" form with the prompt "Enter the email linked to your account", an EMAIL field (you@example.com) and a "Send reset link" button, annotated "Response time constant regardless of whether the email exists. No enumeration possible. Timing-safe". Live-reloading and themed to match your dashboard.]

Ships with

  • Constant-shape response: accepted=true for known + unknown emails
  • BackgroundTasks so response time is flat (~40ms delta under test)
  • Atomic session revoke on successful confirm
  • Prior tokens invalidated so a held earlier token cannot second-reset
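
The core of the flow described above, as an added illustration in plain Python (not the product's own code): a constant-shape request response, tokens stored only as hashes and consumed on first use, invalidation of the account's other outstanding tokens and revocation of all sessions on a successful confirm. FastAPI's BackgroundTasks is stood in for by a deferred-callback list that the caller drains after the response has gone out; the token TTL, the in-memory storage layout and the helper names are assumptions made for this example.

```python
import hashlib
import secrets
import time
from dataclasses import dataclass, field

TOKEN_TTL = 15 * 60  # seconds; constructed value for this example, not from the page


def _token_key(raw: str) -> str:
    # Only the hash is stored, so a leaked token table cannot be replayed.
    return hashlib.sha256(raw.encode()).hexdigest()


def _pw_hash(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)


@dataclass
class ResetService:
    users: dict                                   # email -> {"pw": bytes, "salt": bytes, "sessions": set}
    tokens: dict = field(default_factory=dict)    # token hash -> (email, expires_at)
    deferred: list = field(default_factory=list)  # stands in for FastAPI BackgroundTasks
    sent: list = field(default_factory=list)      # (email, raw token) handed to the mailer

    def request_reset(self, email: str, now=None) -> dict:
        now = time.time() if now is None else now
        if email in self.users:
            raw = secrets.token_urlsafe(32)
            self.tokens[_token_key(raw)] = (email, now + TOKEN_TTL)
            self.deferred.append(lambda: self.sent.append((email, raw)))
        else:
            self.deferred.append(lambda: None)    # unknown email: queue a no-op instead
        return {"accepted": True}                 # identical shape on both branches

    def confirm_reset(self, raw: str, new_password: str, now=None) -> dict:
        now = time.time() if now is None else now
        entry = self.tokens.pop(_token_key(raw), None)  # single-use: removed on first lookup
        if entry is None or entry[1] < now:
            return {"ok": False}
        email = entry[0]
        # Drop every other outstanding token for this account: a held earlier token cannot reset again.
        self.tokens = {k: v for k, v in self.tokens.items() if v[0] != email}
        user = self.users[email]
        user["salt"] = secrets.token_bytes(16)
        user["pw"] = _pw_hash(new_password, user["salt"])
        user["sessions"].clear()                  # revoke all sessions together with the password change
        return {"ok": True}

    def run_deferred(self) -> None:
        # In FastAPI this runs after the response is flushed; here the caller drains the queue.
        while self.deferred:
            self.deferred.pop(0)()
```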