requestTokenToResetPasswordEmail method
The homeserver must check that the given email address is
associated with an account on this homeserver. This API should be
used to request validation tokens when authenticating for the
/account/password
endpoint.
This API's parameters and response are identical to that of the
/register/email/requestToken
endpoint, except that
M_THREEPID_NOT_FOUND
may be returned if no account matching the
given email address could be found. The server may instead send an
email to the given address prompting the user to create an account.
M_THREEPID_IN_USE
may not be returned.
The homeserver should validate the email itself, either by sending a validation email itself or by using a service it has control over.
clientSecret
A unique string generated by the client, and used to identify the
validation attempt. It must be a string consisting of the characters
[0-9a-zA-Z.=_-]
. Its length must not exceed 255 characters and it
must not be empty.
email
The email address to validate.
nextLink
Optional. When the validation is completed, the identity server will
redirect the user to this URL. This option is ignored when submitting
3PID validation information through a POST request.
sendAttempt
The server will only send an email if the send_attempt
is a number greater than the most recent one which it has seen,
scoped to that email
+ client_secret
pair. This is to
avoid repeatedly sending the same email in the case of request
retries between the POSTing user and the identity server.
The client should increment this value if they desire a new
email (e.g. a reminder) to be sent. If they do not, the server
should respond with success but not resend the email.
idAccessToken
An access token previously registered with the identity server. Servers
can treat this as optional to distinguish between r0.5-compatible clients
and this specification version.
Required if an id_server
is supplied.
idServer
The hostname of the identity server to communicate with. May optionally
include a port. This parameter is ignored when the homeserver handles
3PID verification.
This parameter is deprecated with a plan to be removed in a future specification
version for /account/password
and /register
requests.
Implementation
Future<RequestTokenResponse> requestTokenToResetPasswordEmail(
String clientSecret,
String email,
int sendAttempt, {
String? nextLink,
String? idAccessToken,
String? idServer,
}) async {
final requestUri =
Uri(path: '_matrix/client/v3/account/password/email/requestToken');
final request = Request('POST', baseUri!.resolveUri(requestUri));
request.headers['content-type'] = 'application/json';
request.bodyBytes = utf8.encode(
jsonEncode({
'client_secret': clientSecret,
'email': email,
if (nextLink != null) 'next_link': nextLink,
'send_attempt': sendAttempt,
if (idAccessToken != null) 'id_access_token': idAccessToken,
if (idServer != null) 'id_server': idServer,
}),
);
final response = await httpClient.send(request);
final responseBody = await response.stream.toBytes();
if (response.statusCode != 200) unexpectedResponse(response, responseBody);
final responseString = utf8.decode(responseBody);
final json = jsonDecode(responseString);
return RequestTokenResponse.fromJson(json as Map<String, Object?>);
}