I have been watching the mutation for resetPassword and have some concerns.
In a normal flow, the user has two use cases:
I forgot your password
This case occurs when the user does not remember their password and needs to recover it. The process is the standard, request via email, the email arrives with the tocken, etc. All this perfect.
Change your password
In this case, the user currently knows his password and simply wants to update it, the flow would be: current password, new password and confirmation.
Mutation.resetPassword performs the function of changing the password when it has been requested, that is, when the user has indicated that it must be recovered.
Now, how is the user supposed to be able to change her password without having to give her the forget my password? This is not a natural flow.
I expected something like:
Please if anyone has any ideas I will appreciate it very much.