Password Reset Service
Component Detail
- Service Layer, medium complexity, backend
- Dependencies: 1
- Dependents: 0
- Entities: 0
- Integrations: 0
Description
Handles the generation, delivery, and validation of time-limited signed reset tokens. Sends the reset email via the platform email gateway and invalidates the token after a single use to prevent replay attacks.
password-reset-service
Sources & reasoning
The feature spec explicitly requires a reset flow that 'issues a time-limited signed token delivered by email and invalidates it after use'. This distinct lifecycle (generate → email → validate → invalidate) warrants its own service separate from the core sign-in logic.
No source references — this artifact was included based on reasoning alone (see above).
Responsibilities
- Generate cryptographically signed, time-limited reset tokens
- Dispatch reset-link email via platform email gateway
- Validate reset token on redemption (expiry and single-use enforcement)
- Invalidate used or expired tokens
Interfaces
generateResetToken(userId) → signedToken
sendResetEmail(email, resetLink) → void
validateResetToken(token) → userId | null
invalidateToken(token) → void
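
The token lifecycle described above (generate, validate, invalidate), as an added sketch that is not code from this component or its project. It assumes HMAC-SHA256 signing, a 15-minute lifetime, an in-memory Map in place of a shared token store, and hypothetical names `verifiedClaims`, `outstanding` and the optional `now` parameter.

```javascript
const { createHmac, randomBytes, timingSafeEqual } = require('node:crypto');

// Assumptions (not from the page): HMAC-SHA256 signing, a 15-minute lifetime,
// and an in-memory Map standing in for a shared store of outstanding token ids.
const SECRET = randomBytes(32);   // constructed key; load from a secret store in practice
const TTL_MS = 15 * 60 * 1000;
const outstanding = new Map();    // jti -> expiry (ms since epoch)

const sign = (body) => createHmac('sha256', SECRET).update(body).digest();

// `now` is a hypothetical extra parameter so expiry can be exercised deterministically.
function generateResetToken(userId, now = Date.now()) {
  const jti = randomBytes(16).toString('hex');   // unique id enabling single-use tracking
  const exp = now + TTL_MS;
  const body = Buffer.from(JSON.stringify({ userId, jti, exp })).toString('base64url');
  outstanding.set(jti, exp);
  return `${body}.${sign(body).toString('base64url')}`;
}

// Hypothetical helper: returns the claims only if the signature is authentic.
function verifiedClaims(token) {
  if (typeof token !== 'string') return null;
  const parts = token.split('.');
  if (parts.length !== 2) return null;
  const given = Buffer.from(parts[1], 'base64url');
  const expected = sign(parts[0]);
  // Compare lengths first: timingSafeEqual throws on unequal lengths.
  if (given.length !== expected.length || !timingSafeEqual(given, expected)) return null;
  try { return JSON.parse(Buffer.from(parts[0], 'base64url').toString('utf8')); }
  catch { return null; }
}

function validateResetToken(token, now = Date.now()) {
  const claims = verifiedClaims(token);
  if (!claims) return null;                                   // malformed or forged
  if (now >= claims.exp) { outstanding.delete(claims.jti); return null; }  // expired
  if (!outstanding.has(claims.jti)) return null;              // already used or invalidated
  return claims.userId;
}

function invalidateToken(token) {
  const claims = verifiedClaims(token);
  if (claims) outstanding.delete(claims.jti);
}
```

With a shared store, the existence check in validateResetToken and the delete in invalidateToken should run as one atomic operation during redemption, so two concurrent requests cannot both redeem the same token.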