> ## Documentation Index
> Fetch the complete documentation index at: https://docs.insforge.dev/llms.txt
> Use this file to discover all available pages before exploring further.

# Open password reset flow from browser link click

> Browser-oriented password reset link flow.

This endpoint is intended for users clicking password reset links in email.
It validates the token on the backend and redirects the browser to the
stored, validated `redirectTo` URL with the reset token in the query string.

Redirect query params:
- Ready: `token=...&insforge_status=ready&insforge_type=reset_password`
- Error: `insforge_status=error&insforge_type=reset_password&insforge_error=...`
- `token`: present only when `insforge_status=ready`
- `insforge_status`: `ready` or `error`
- `insforge_type`: always `reset_password`
- `insforge_error`: present only on error, human-readable message

Your app should render the reset-password form only when `insforge_status=ready`
and `token` is present.




## OpenAPI

````yaml https://raw.githubusercontent.com/InsForge/InsForge/main/openapi/auth.yaml get /api/auth/email/reset-password-link
openapi: 3.0.3
info:
  title: Insforge Authentication API
  version: 2.0.0
  description: Authentication endpoints with separated auth and profile tables
servers: []
security: []
paths:
  /api/auth/email/reset-password-link:
    get:
      tags:
        - Client
      summary: Open password reset flow from browser link click
      description: >
        Browser-oriented password reset link flow.


        This endpoint is intended for users clicking password reset links in
        email.

        It validates the token on the backend and redirects the browser to the

        stored, validated `redirectTo` URL with the reset token in the query
        string.


        Redirect query params:

        - Ready: `token=...&insforge_status=ready&insforge_type=reset_password`

        - Error:
        `insforge_status=error&insforge_type=reset_password&insforge_error=...`

        - `token`: present only when `insforge_status=ready`

        - `insforge_status`: `ready` or `error`

        - `insforge_type`: always `reset_password`

        - `insforge_error`: present only on error, human-readable message


        Your app should render the reset-password form only when
        `insforge_status=ready`

        and `token` is present.
      parameters:
        - name: token
          in: query
          required: true
          schema:
            type: string
          description: 64-character password reset token from the email link
      responses:
        '302':
          description: Browser redirected to the stored redirect URL
        '400':
          description: Invalid reset token or redirect target

````