devise_token_auth forget password API 显示 Use POST /sign_in to sign in. GET is not supported 错误

Question

Following this solution https://stackoverflow.com/a/47761138/7818637 I am designing forgot password flow APIs on rails where I am using devise_token_auth gem for authentication.

1. A POST call to send a Password Reset Email

URL: http://localhost:3000/client/auth/password

form-data: {email: 'john@gmail.com', redirect_url: 'http://localhost:3000/client/auth/sign_in'}

2. A GET call to verify the password reset token (clicked in email)

I am receiving the the following URL on my console containing redirect_url and reset_password_token :

http://localhost:3000/client/auth/password/edit?config=default&redirect_url=http%3A%2F%2Flocalhost%3A3000%2Fclient%2Fauth%2Fsign_in&reset_password_token=ZBsx64Gk1VBraM3THZTn

When I call on this URL, I am receiving the following error:

Use POST /sign_in to sign in. GET is not supported.

What I have already tried:

Following the issuehere I have found that I am already using include DeviseTokenAuth::Concerns::SetUserByToken in my controller.

Console Logs:

Answer 1

When the users clicks the url in your email you redirect them to /password/edit path. In this action you verify the user. If everything goes right the user will be redirected in redirect_url which is the sign_in path in your case.

You should change the redirect_url in your email and create an action and a view in which the user will be redirected. In this new view you will have the fields so the user can reset the password. Make sure that the new url will use 'GET'. On form submission redirect user to sign_in path so he/she can log in with their new password.

Please read https://devise-token-auth.gitbook.io/devise-token-auth/usage/reset_password for more info.