Account Recovery
Request password resets and recover accounts with the TypeScript SDK.
The SDK supports account recovery via email-based password reset flows. Users can request a recovery code, then use it to set a new password.
requestRecovery()
Send a recovery code to the user's email address.
```typescript
requestRecovery(params: RequestRecoveryParams): Promise<{ flowId: string }>
```
Parameters
| Name | Type | Required | Description |
|---|---|---|---|
| email | string | yes | Email address of the account to recover |
Returns
Promise<{ flowId: string }> -- The flow ID for the recovery process. The actual recovery code is sent to the user's email.
Basic usage
```typescript
import { AvnologyId } from "@avnology/sdk-typescript";

const client = new AvnologyId({
  baseUrl: "https://api.id.avnology.com",
  clientId: "app_abc123",
});

const { flowId } = await client.requestRecovery({
  email: "user@example.com",
});

showMessage("If an account exists with that email, a recovery code has been sent.");
// Note: The message is intentionally vague to prevent email enumeration.
// The API always returns success regardless of whether the email exists.
```
With rate limit handling
```typescript
import { RateLimitError } from "@avnology/sdk-typescript";

try {
  const { flowId } = await client.requestRecovery({ email });
  showMessage("Check your email for a recovery code.");
} catch (error) {
  if (error instanceof RateLimitError) {
    // retryAfter is the number of seconds to wait before the next request
    showError(
      `Too many recovery requests. ` +
      `Please try again in ${error.retryAfter} seconds.`
    );
  } else {
    // Do not silently swallow network or unexpected errors
    throw error;
  }
}
```
resetPassword()
Set a new password using the recovery code from the user's email.
```typescript
resetPassword(params: ResetPasswordParams): Promise<Session>
```
Parameters
| Name | Type | Required | Description |
|---|---|---|---|
| code | string | yes | 6-digit recovery code from email |
| password | string | yes | New password (must meet password policy) |
| flowId | string | no | Flow ID from requestRecovery() (auto-detected if omitted) |
Returns
Promise<Session> -- The user is automatically logged in after resetting their password.
Basic usage
```typescript
// Step 1: User requests recovery
const { flowId } = await client.requestRecovery({ email: "user@example.com" });

// Step 2: User enters recovery code and new password
const session = await client.resetPassword({
  flowId,
  code: "482901",
  password: "NewSecurePassword456!",
});

console.log("Password reset. Logged in as:", session.identity.email);
```
Full recovery flow with error handling
```typescript
import {
  InvalidCodeError,
  ExpiredFlowError,
  PasswordBreachedError,
  PasswordTooWeakError,
} from "@avnology/sdk-typescript";

async function handlePasswordReset(email: string) {
  // Step 1: Request recovery code
  const { flowId } = await client.requestRecovery({ email });
  showMessage("Check your email for a 6-digit recovery code.");

  // Step 2: Get code and new password from user
  const code = await getUserInput("Recovery code:");
  const newPassword = await getUserInput("New password:");

  try {
    // On success the user is logged in and a Session is returned
    const session = await client.resetPassword({
      flowId,
      code,
      password: newPassword,
    });
    showSuccess("Your password has been reset successfully.");
    redirectToDashboard();
  } catch (error) {
    if (error instanceof InvalidCodeError) {
      showError("Invalid recovery code. Please check and try again.");
    } else if (error instanceof ExpiredFlowError) {
      showError(
        "This recovery code has expired. " +
        "Please request a new one."
      );
      // Restart the flow
      await handlePasswordReset(email);
    } else if (error instanceof PasswordBreachedError) {
      showError(
        "This password was found in a data breach. " +
        "Please choose a different password."
      );
    } else if (error instanceof PasswordTooWeakError) {
      showError(`Password too weak: ${error.reason}`);
    } else {
      // Unknown failure: surface it instead of dropping it
      throw error;
    }
  }
}
```
changePassword()
Change the password for the currently authenticated user. Requires the current password.
```typescript
changePassword(params: ChangePasswordParams): Promise<void>
```
Parameters
| Name | Type | Required | Description |
|---|---|---|---|
| currentPassword | string | yes | User's current password |
| newPassword | string | yes | New password (must meet policy) |
Basic usage
```typescript
import {
  InvalidCredentialsError,
  PasswordBreachedError,
  PasswordTooWeakError,
} from "@avnology/sdk-typescript";

try {
  await client.changePassword({
    currentPassword: "OldPassword123!",
    newPassword: "NewPassword456!",
  });
  showSuccess("Password changed successfully.");
} catch (error) {
  if (error instanceof InvalidCredentialsError) {
    showError("Current password is incorrect.");
  } else if (error instanceof PasswordBreachedError) {
    showError("New password found in a data breach.");
  } else if (error instanceof PasswordTooWeakError) {
    showError(`New password too weak: ${error.reason}`);
  } else {
    // Unknown failure: surface it instead of dropping it
    throw error;
  }
}
```
Common errors
| Error class | HTTP status | When |
|---|---|---|
| InvalidCodeError | 400 | Wrong recovery code |
| ExpiredFlowError | 410 | Recovery flow/code expired |
| PasswordBreachedError | 400 | New password in breach database |
| PasswordTooWeakError | 400 | New password fails policy |
| InvalidCredentialsError | 401 | Current password wrong (changePassword) |
| RateLimitError | 429 | Too many recovery requests |
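The full recovery flow above retries and restarts without any bound. The following is an added example, not code from the SDK or its documentation: a small state reducer a UI could run after each `requestRecovery()` or `resetPassword()` call to cap wrong-code attempts per `flowId`, cap flow restarts, and honour `retryAfter`. The outcome strings stand in for the SDK error classes; `MAX_CODE_ATTEMPTS`, `MAX_RESTARTS`, `RecoveryState`, `nextState` and `canSend` are hypothetical names and values.

```typescript
// Added example, not SDK code. Outcome names mirror the error classes in the
// table above; the caps and the state shape are assumptions of this sketch.
type Outcome = "ok" | "InvalidCodeError" | "ExpiredFlowError"
  | "PasswordBreachedError" | "PasswordTooWeakError" | "RateLimitError";
type Phase = "enterCode" | "enterPassword" | "requestNewCode" | "wait" | "done" | "locked";

interface RecoveryState {
  phase: Phase;
  codeAttempts: number; // wrong codes submitted against the current flowId
  restarts: number;     // fresh flows requested after expiry or too many misses
  retryAt: number;      // epoch ms before which nothing may be sent
}

const MAX_CODE_ATTEMPTS = 5; // assumed app-side cap per flowId
const MAX_RESTARTS = 2;      // assumed cap on re-requesting a code
const initialState: RecoveryState = { phase: "enterCode", codeAttempts: 0, restarts: 0, retryAt: 0 };

// Abandon the current flowId; lock the UI once the restart budget is spent.
function restart(s: RecoveryState): RecoveryState {
  if (s.restarts >= MAX_RESTARTS) return { ...s, phase: "locked" };
  return { ...s, phase: "requestNewCode", codeAttempts: 0, restarts: s.restarts + 1 };
}

// Next UI phase given the result of the last requestRecovery()/resetPassword() call.
function nextState(s: RecoveryState, outcome: Outcome, now: number, retryAfterSec = 0): RecoveryState {
  switch (outcome) {
    case "ok": {
      // Success while requesting a code means "go enter it"; otherwise the reset is complete.
      const requesting = s.phase === "requestNewCode" || s.phase === "wait";
      return { ...s, phase: requesting ? "enterCode" : "done" };
    }
    case "InvalidCodeError": {
      const attempts = s.codeAttempts + 1;
      return attempts >= MAX_CODE_ATTEMPTS ? restart(s) : { ...s, phase: "enterCode", codeAttempts: attempts };
    }
    case "ExpiredFlowError":
      return restart(s);
    case "PasswordBreachedError":
    case "PasswordTooWeakError":
      return { ...s, phase: "enterPassword" }; // policy failure, not a code miss
    case "RateLimitError":
      return { ...s, phase: "wait", retryAt: now + retryAfterSec * 1000 };
  }
}

// Gate every outgoing SDK call on this check.
function canSend(s: RecoveryState, now: number): boolean {
  return s.phase !== "locked" && s.phase !== "done" && now >= s.retryAt;
}
```

These caps shape client behaviour only; the page does not state what attempt limits the service itself applies.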
See also
- Login -- Authenticate after recovery
- MFA -- Recovery codes as MFA fallback
- Error types -- Full error hierarchy