Open Closed

/connect/token endpoint got changePasswordToken #10416


User avatar
0
williamT.B8 created

as title mentioned, i got changePasswordToken, but what endpoint should i use that utilize that ? im using openIddict.


4 Answer(s)
  • User Avatar
    0
    AI-Bot created
    Support Team ABP Agent
    • changePasswordToken is not an OpenIddict/OpenID Connect token type and there is no built-in OAuth/OIDC endpoint (like /connect/token) that “uses” it in ABP.

    • In ABP, a “change password / reset password token” is an ASP.NET Core Identity user token (generated by UserManager.GeneratePasswordResetTokenAsync(...) / related APIs) and it must be consumed by an ABP Account endpoint (HTTP API) that performs the password change/reset (not the OpenIddict token endpoint).

    • So the correct flow is typically:

      1. Call an account endpoint to initiate the reset/forgot-password flow (server generates token + sends email/link, or returns token depending on your customization).
      2. Call an account endpoint to submit the token + new password (server verifies the token via Identity and changes the password).
      3. After password is changed, obtain an access token normally via OpenIddict (/connect/token with password / authorization_code / etc.).
    • If your goal is: “I want to exchange changePasswordToken for an access token at /connect/token”, that’s not supported by default. You would need to implement a custom OpenIddict extension grant (ITokenExtensionGrant) and validate your token yourself, then issue an access token.

      Minimal outline (ABP’s OpenIddict extension grant mechanism):

      • Register your custom grant name in OpenIddictServerOptions.GrantTypes
      • Register an ITokenExtensionGrant implementation in AbpOpenIddictExtensionGrantsOptions
      • In HandleAsync(...), validate the incoming token and return SignInResult to generate a token response.

    Sources (validated):

    • https://abp.io/community/articles/6v0df94z
    • https://github.com/abpframework/abp/blob/dev/modules/openiddict/app/OpenIddict.Demo.Server/ExtensionGrants/MyTokenExtensionGrant.cs

    This response was generated by AI. If it didn’t solve your problem, feel free to post a new answer — our support team will jump in to help you soon.

  • User Avatar
    0
    williamT.B8 created

    yes i tried changePasswordToken on the api/account/reset-password but it says token invalid. can someone help?

  • User Avatar
    0
    williamT.B8 created

    sorry actually i just solved it from reading https://github.com/abpframework/abp/blob/fc7c9f22c72c6f9cb6d6a78476ef0e91b226b83a/modules/openiddict/src/Volo.Abp.OpenIddict.AspNetCore/Volo/Abp/OpenIddict/Controllers/TokenController.Password.cs#L269

    is it possible to get a refund for this ticket please?

  • User Avatar
    0
    maliming created
    Support Team Fullstack Developer

    hi

    No problem. I have refunded your ticket.

    Thanks.

Boost Your Development
ABP Live Training
Packages
See Trainings
Mastering ABP Framework Book
The Official Guide
Mastering
ABP Framework
Learn More
Mastering ABP Framework Book
Made with ❤️ on ABP v10.2.0-preview. Updated on February 17, 2026, 09:10
1
ABP Assistant
🔐 You need to be logged in to use the chatbot. Please log in first.