How to integrate the Next Identity Hosted Journeys forgot password workflow

You can initiate a forgot password journey either when a user clicks on that user journey link in the /authorize screen, or you can take a user directly to that form by passing in a URL.

Integrating the forgot password screen via a URL requires further configuration.


The forgot password request consists of the base domain + the endpoint (/forgot-password) + parameters. Available parameters are listed below the example.

Required Parameters

The following parameters must be included on every request.

redirect_uriConfigures the URL the user is redirected after a successful authentication.

Important note: this URL must be included in the redirect_uri_allowlist client settings.
client_idID used to authenticate the API call. This client must be configured with the login_client feature.
response_typeValue that determines the authorization processing flow to be used, including what parameters are returned from the endpoints. We only support authorization code flow which means the only acceptable parameter is: code.
stateThis state parameter is constructed by your application and included in the call to the hosted Next Identity service. It will remain unchanged and will be passed back to your application when the screen is redirected back. It is intended for use by your application to track user state. It should be an opaque value used to maintain state between the request and the callback.

Typically for applications, Cross-Site Request Forgery (CSRF, XSRF) mitigation is done by cryptographically binding the value of this parameter with a browser cookie. This value is required on every call, but the hosted service does not use this value in any way, it is solely for use by the application.

Doing so, the application can check and evaluate the value of the state parameter if it is correct or meets a specified criteria then perform expected actions or user journeys on the application-side.
scopeOpenID Connect requests must contain the openid scope value. If the openid scope value is not present, the behavior is entirely unspecified. Other scope values may be present.
Scope values used that are not understood by an implementation should be ignored.

Optional Parameters

The following parameters are optional.

ui_localesSet the language to be displayed in the screen. Session cookie will save the locale setting sent for the first time, if this parameter is not present the latest language saved will be used to display the screen. It allows multiple locales and in case there's no configuration for the first one, it searches for the second one and so on.
Since the ui_locales parameter is optional, if there is not present it will use the default_locale on settings.

See Localization for list of supported locales and the accepted values.