From 363a24cea543261ea3a966ce1725bce9bd8efad3 Mon Sep 17 00:00:00 2001 From: James Mikrut Date: Mon, 30 Dec 2024 10:04:54 -0500 Subject: [PATCH] docs: add clarity about forgot-password and verify tokens (#10247) Adds clarity to `verifyEmail` docs, noting that the token for `forgotPassword` is different. Fixes #10236 --- docs/authentication/operations.mdx | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/docs/authentication/operations.mdx b/docs/authentication/operations.mdx index 1e7e8d706..ad8248db7 100644 --- a/docs/authentication/operations.mdx +++ b/docs/authentication/operations.mdx @@ -269,6 +269,10 @@ const result = await payload.verifyEmail({ }) ``` +Note that the token you need to pass to the `verifyEmail` function is unique to verification and is not the same as the token that you can retrieve from the `forgotPassword` operation. It can be found on the user document, as a hidden `_verificationToken` field. + +If you'd like to retrieve this token, you can use the Local API's `find` or `findByID` methods, setting `showHiddenFields: true`. + ## Unlock If a user locks themselves out and you wish to deliberately unlock them, you can utilize the Unlock operation. The [Admin Panel](../admin/overview) features an Unlock control automatically for all collections that feature max login attempts, but you can programmatically unlock users as well by using the Unlock operation.