Passwords

The React Native SDK provides headless methods to authenticate passwords, reset passwords, and check password strength.

Methods

The SDK provides methods that can be used to authenticate password-based members, reset passwords, and add a password to an existing passwordless member.

To call these methods, Passwords must be enabled in the SDK Configuration page of the Stytch dashboard.

Authenticate

The authenticate method wraps the Authenticate password API endpoint.

If this method succeeds, the Member will be granted an active session and the session data will be persisted on device.

You can listen for successful login events anywhere in the codebase with the stytch.session.onChange() method or useStytchMemberSession hook.


Method parameters


email_address*string

password*string

session_duration_minutes*int

organization_id*string
import React, { useCallback } from 'react';
import { useStytchB2BClient } from '@stytch/react-native/b2b';

export const Login = () => {
  const stytchClient = useStytchB2BClient();

  const authenticatePassword = useCallback(() => {
    stytchClient.passwords.authenticate({
        email_address: 'sandbox@stytch.com',
        organization_id: 'organization-test-07971b06-ac8b-4cdb-9c15-63b17e653931',
        password: 'f34#x@M)wH&Kw7OD',
        session_duration_minutes: 60,
    });
  }, [stytchClient]);

  return <button onClick={authenticatePassword}>Authenticate Password</button>;
};

RESPONSE

200
{
    "status_code": 200,
    "request_id": "request-id-test-b05c992f-ebdc-489d-a754-c7e70ba13141",
    "method_id": "member-email-test-1dd089b3-8904-47ef-b943-987968e549d4",
    "member_id": "member-test-32fc5024-9c09-4da3-bd2e-c9ce4da9375f",
    "organization_id": "organization-test-07971b06-ac8b-4cdb-9c15-63b17e653931",
    "reset_sessions": false,
    "session_jwt": "example_jwt",
    "session_token": "mZAYn5aLEqKUlZ_Ad9U_fWr38GaAQ1oFAhT8ds245v7Q",
    "intermediate_session_token": "",
    "member_authenticated": true,
    "mfa_required": null,
    "member_session": {...},
    "member": {...},
    "organization": {...}
}

Reset by email start


Method parameters


email_address*string

organization_id*string

reset_password_redirect_urlstring

login_redirect_urlstring

reset_password_expiration_minutesstring

reset_password_template_idstring
import React, { useCallback } from 'react';
import { useStytchB2BClient } from '@stytch/react-native/b2b';

export const ResetPasswordStart = () => {
  const stytchClient = useStytchB2BClient();

  const resetPasswordStart = useCallback(() => {
    stytchClient.passwords.resetPasswordStart({
        email_address: 'sandbox@stytch.com',
        organization_id: 'organization-test-07971b06-ac8b-4cdb-9c15-63b17e653931',
    });
  }, [stytchClient]);

  return <button onClick={resetPasswordStart}>Reset Password</button>;
};

RESPONSE

200
{
    "status_code": 200,
    "request_id": "request-id-test-b05c992f-ebdc-489d-a754-c7e70ba13141",
    "member_id": "member-test-32fc5024-9c09-4da3-bd2e-c9ce4da9375f",
    "member_email_id": "email-test-81bf03a8-86e1-4d95-bd44-bb3495224953",
    "member": {...}
}

Reset by email

The resetByEmail method wraps the reset_by_email Password API endpoint.

If this method succeeds, the Member will be granted an active session and the session data will be persisted on device.

You can listen for successful login events anywhere in the codebase with the stytch.session.onChange() method or useStytchMemberSession hook.


Method parameters


password_reset_token*string

password*string

session_duration_minutes*int
import React, { useCallback } from 'react';
import { useStytchB2BClient } from '@stytch/react-native/b2b';

export const ResetPassword = () => {
  const stytchClient = useStytchB2BClient();

  const token = new URLSearchParams(window.location.search).get('token');

  const resetPassword = useCallback(() => {
    stytchClient.passwords.resetByEmail({
      token: token,
      password: 'f34#x@M)wH&Kw7OD',
      session_duration_minutes: 60,
    });
  }, [stytchClient, token]);

  return <button onClick={resetPassword}>Reset Password</button>;
};

RESPONSE

200
{
    "status_code": 200,
    "request_id": "request-id-test-b05c992f-ebdc-489d-a754-c7e70ba13141",
    "member_id": "",
    "session_token": "mZAYn5aLEqKUlZ_Ad9U_fWr38GaAQ1oFAhT8ds245v7Q",
    "intermediate_session_token": "",
    "member_authenticated": true,
    "mfa_required": null,
    "member_email_id": "member-test-32fc5024-9c09-4da3-bd2e-c9ce4da9375f",
    "member": {...}
}

Reset by existing password

The resetByExistingPassword method wraps the reset_by_existing_password Password API endpoint.

If this method succeeds, the Member will be granted an active session and the session data will be persisted on device.

You can listen for successful login events anywhere in the codebase with the stytch.session.onChange() method or useStytchMemberSession hook.


Method parameters


session_duration_minutes*int

email_address*string

new_password*string

existing_password*string

organization_id*string
import React, { useCallback } from 'react';
import { useStytchB2BClient } from '@stytch/react-native/b2b';

export const ResetPassword = () => {
  const stytchClient = useStytchB2BClient();

  const resetPassword = useCallback(() => {
    stytchClient.passwords.resetByExistingPassword({
        email_address: 'sandbox@stytch.com',
        existing_password: 'existing_password',
        new_password: 'f34#x@M)wH&Kw7OD',
        session_duration_minutes: 60,
        organization_id: 'organization-test-07971b06-ac8b-4cdb-9c15-63b17e653931',
    });
  }, [stytchClient]);

  return <button onClick={resetPassword}>Reset Password</button>;
};

RESPONSE

200
{
    "intermediate_session_token": "",
    "member": {...},
    "member_authenticated": true,
    "mfa_required": null,
    "member_id": "member-test-32fc5024-9c09-4da3-bd2e-c9ce4da9375f",
    "member_session": {...},
    "organization": {...}
    "request_id": "request-id-test-b05c992f-ebdc-489d-a754-c7e70ba13141",
    "session_jwt": "example_jwt",
    "session_token": "mZAYn5aLEqKUlZ_Ad9U_fWr38GaAQ1oFAhT8ds245v7Q",
    "status_code": 200
}

Reset by session

The resetBySession method wraps the reset_by_session Password API endpoint.

If this method succeeds, the Member will be granted an active session and the session data will be persisted on device.

You can listen for successful login events anywhere in the codebase with the stytch.session.onChange() method or useStytchMemberSession hook.


Method parameters


password*string

organization_id*string
import React, { useCallback } from 'react';
import { useStytchB2BClient } from '@stytch/react-native/b2b';

export const ResetPassword = () => {
  const stytchClient = useStytchB2BClient();

  const resetPassword = useCallback(() => {
    stytchClient.passwords.resetBySession({
        organization_id: 'organization-test-07971b06-ac8b-4cdb-9c15-63b17e653931',
        password: 'f34#x@M)wH&Kw7OD',
    });
  }, [stytchClient]);

  return <button onClick={resetPassword}>Reset Password</button>;
};

RESPONSE

200
{
    "intermediate_session_token": "",
    "member": {...},
    "member_authenticated": true,
    "mfa_required": null,
    "member_id": "member-test-32fc5024-9c09-4da3-bd2e-c9ce4da9375f",
    "member_session": {...},
    "organization": {...}
    "request_id": "request-id-test-b05c992f-ebdc-489d-a754-c7e70ba13141",
    "session_jwt": "example_jwt",
    "session_token": "mZAYn5aLEqKUlZ_Ad9U_fWr38GaAQ1oFAhT8ds245v7Q",
    "status_code": 200
}

Strength check

This method allows you to check whether or not the user’s provided password is valid, and to provide feedback to the user on how to increase the strength of their password. All passwords must pass the strength requirements to be accepted as valid.

The strengthCheck method wraps the strength_check Password API endpoint.


Method parameters


password*string

email_addressstring
import React, { useCallback } from 'react';
import { useStytchB2BClient } from '@stytch/react-native/b2b';

export const StrengthCheck = () => {
    const stytchClient = useStytchB2BClient();

  const strengthCheck = useCallback(() => {
    stytchClient.passwords.strengthCheck({
      password: 'f34#x@M)wH&Kw7OD',
    });
  }, [stytchClient]);

  return <button onClick={strengthCheck}>Strength Check</button>;
};

RESPONSE

200 - LUDS invalid
{
    "breach_detection_on_create": true,
    "breached_password": false,
    "feedback": {
      "suggestions": null,
      "warning": null,
      "luds_requirements": {
        "has_digit": true,
        "has_lower_case": false,
        "has_symbol": false,
        "has_upper_case": false,
        "missing_characters": 6,
        "missing_complexity": 1
      }
    },
    "request_id": "request-id-test-b05c992f-ebdc-489d-a754-c7e70ba13141",
    "score": 0,
    "status_code": 200,
    "strength_policy": "luds",
    "valid_password": false
  }