Forgot Password
POST/api/v1/auth/forgot-password
Initiate a password reset for a local account.
Anti-enumeration: always returns {"ok": True} regardless of whether the
email matches a user. An email is only sent when ALL of the following hold:
- A user exists with the given email.
- The user has a local password (not SSO-only).
- The user is active.
- SMTP is configured.
Tokens live for one hour and are stored on the user row directly.
Request
Responses
- 200
- 422
Successful Response
Validation Error