
Overview

The reset-password function resets a member’s password to a default value and flags their account to require a password change on their next login. This is useful for account recovery or when a member forgets their password.

Endpoint

POST /functions/v1/reset-password
This is a Supabase Edge Function that requires service role authentication.

Request Body

user_id (string, required): The unique identifier of the user whose password you want to reset. This is the user’s ID from the authentication system.

Response

success (boolean): Returns true if the password reset was successful.

Behavior

The function performs the following operations:
  1. Validates user_id: Ensures a user_id is provided in the request
  2. Resets password: Updates the user’s password to the default value (12345678) using the Supabase Auth Admin API
  3. Flags for password change: Sets force_password_change: true in the user’s profile to require a password change on next login

The default password is set to 12345678. Members will be required to change this password immediately upon their next login for security reasons.

Security Considerations

  • The password is reset to a known default value (12345678)
  • The force_password_change flag ensures the user must change this temporary password
  • The profile update for force_password_change is non-blocking: if it fails, the password reset still succeeds, and the account is left on the default password without the forced-change flag

Example Request

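// Server-side only: the service role key bypasses Row Level Security and must never reach a browser or mobile client.
const response = await fetch('https://your-project.supabase.co/functions/v1/reset-password', {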
  method: 'POST',
  headers: {
    'Content-Type': 'application/json',
    'Authorization': `Bearer ${SUPABASE_SERVICE_ROLE_KEY}`,
  },
  body: JSON.stringify({
    user_id: 'a1b2c3d4-e5f6-7890-abcd-ef1234567890'
  })
});

const data = await response.json();
console.log(data.success); // true

Example Response

{
  "success": true
}

Error Response

If an error occurs, you’ll receive a response with status 400:
{
  "error": "user_id is required"
}
Other possible errors:
{
  "error": "User not found"
}

Common Use Cases

  • Password recovery: Help members who have forgotten their passwords
  • Account lockout resolution: Reset passwords for locked accounts
  • Administrative password resets: Manually reset passwords as needed by gym staff
  • Bulk password resets: Reset passwords for multiple users programmatically

Implementation Example

Here’s how you might implement a password reset flow in your application:
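// Run from trusted server-side code; SUPABASE_URL and SUPABASE_SERVICE_ROLE_KEY are expected to be loaded from server-side configuration.
async function resetMemberPassword(userId) {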
  try {
    const response = await fetch(
      `${SUPABASE_URL}/functions/v1/reset-password`,
      {
        method: 'POST',
        headers: {
          'Content-Type': 'application/json',
          'Authorization': `Bearer ${SUPABASE_SERVICE_ROLE_KEY}`,
        },
        body: JSON.stringify({ user_id: userId })
      }
    );

    if (!response.ok) {
      const error = await response.json();
      throw new Error(error.error);
    }

    const data = await response.json();
    
    if (data.success) {
      console.log('Password reset successful');
      console.log('Default password: 12345678');
      console.log('User will be required to change password on next login');
    }
    
    return data;
  } catch (error) {
    console.error('Password reset failed:', error.message);
    throw error;
  }
}
If the force_password_change flag fails to update in the profile table, the function logs a warning but still returns success. The password reset itself is the critical operation and is not affected by this non-blocking profile update. A success response therefore does not confirm that the flag was set.
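
Because the flag update is non-blocking, a caller can confirm it after the reset and repair it if it is missing. The following is an added example, not part of the function's own code: it assumes user IDs are UUIDs and that the profile row carries a boolean force_password_change, and callReset, getProfile and setFlag are hypothetical helpers supplied by the caller.

```javascript
// Added example, not the project's code. Assumptions: user IDs are UUIDs, the
// profile row has a boolean `force_password_change`, and `callReset`,
// `getProfile`, `setFlag` are hypothetical helpers injected by the caller.
const UUID_RE = /^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/i;

async function resetAndVerify(userId, { callReset, getProfile, setFlag }, retries = 2) {
  // Reject malformed IDs before the privileged call is made.
  if (typeof userId !== 'string' || !UUID_RE.test(userId)) {
    throw new Error('user_id must be a UUID string');
  }
  const result = await callReset(userId);
  if (!result || result.success !== true) {
    throw new Error((result && result.error) || 'reset failed');
  }
  // success:true only proves the password changed; confirm the flag ourselves.
  for (let attempt = 0; attempt <= retries; attempt++) {
    const profile = await getProfile(userId);
    if (profile && profile.force_password_change === true) {
      return { reset: true, flagged: true, repairs: attempt };
    }
    if (attempt < retries) {
      try { await setFlag(userId); } catch (_) { /* re-check on the next pass */ }
    }
  }
  // Password is now the default and nothing forces a change: report it.
  return { reset: true, flagged: false, repairs: retries };
}

// Constructed stand-in for the backend: the flag write fails `failures` times.
function makeFakeBackend(failures) {
  const profile = { force_password_change: false };
  let left = failures;
  return {
    callReset: async () => ({ success: true }), // models a reset whose flag update failed
    getProfile: async () => ({ ...profile }),
    setFlag: async () => {
      if (left-- > 0) throw new Error('profile update failed');
      profile.force_password_change = true;
    },
  };
}
```

A result with flagged: false means the account is on the default password with no forced change, so the caller should treat it as needing follow-up rather than as a completed reset.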
