On Fri, Aug 24, 2012 at 1:52 PM, Tyler Romeo tylerromeo@gmail.com wrote:
Wait a second. Concerning the password reset, currently it uses the user_newpassword field, which means the user is required to reset their password upon login. How is this any different than using a reset token, where the user supplies the reset token and changes their password?
Well I assume we'd put the token in the url we give the user, so they don't have to type anything in.
-Chad