
aralvi143's avatar

Reset password token expiry

Hi, I have created a custom password reset API that sends the reset password token to the given email. It is working fine, but the token expiration does not work and I don't know how it will. Please guide me; I would appreciate it. Thanks.

Braunson's avatar

Assuming (since you have not posted any code) you are using the Laravel password reset logic/broker, straight from the config: https://github.com/laravel/laravel/blob/master/config/auth.php

In config/auth.php you can modify the expiry for passwords:

    /*
    |--------------------------------------------------------------------------
    | Resetting Passwords
    |--------------------------------------------------------------------------
    |
    | You may specify multiple password reset configurations if you have more
    | than one user table or model in the application and you want to have
    | separate password reset settings based on the specific user types.
    |
    | The expire time is the number of minutes that each reset token will be
    | considered valid. This security feature keeps tokens short-lived so
    | they have less time to be guessed. You may change this as needed.
    |
    */

    'passwords' => [
        'users' => [
            'provider' => 'users',
            'table' => 'password_resets',
            'expire' => 60,
            'throttle' => 60,
        ],
    ],

If you are using Fortify, you can see how they take care of the password reset here https://github.com/laravel/fortify/blob/1.x/src/Http/Controllers/PasswordResetLinkController.php#L41-L43

aralvi143's avatar

@Braunson Hi, thanks, but I have created a custom API for password reset, and this password expiry does not work on the custom API. Here is my API: https://stackoverflow.com/questions/71794287/reset-password-token-expiry-laravel-custom-api

    public function forgotPassword(Request $request)
    {
        $request->validate([
            'email' => 'required|email|exists:users',
        ]);

        $token = Str::random(64);
        // random_int() draws from the CSPRNG; mt_rand() output is predictable
        $code = random_int(100000, 999999);

        // created_at is the only record of when this token was issued
        DB::table('password_resets')->insert([
            'email' => $request->email,
            'token' => $token,
            'code' => $code,
            'created_at' => Carbon::now()
        ]);

        Mail::to(request('email'))->send(new ForgotPassword([
            'token' => $token,
            'code' => $code,
        ]));

        return response()->json(['status' => true, 'message' => 'Reset password link has been sent to your email id.!']);
    }
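The `forgotPassword()` method above stores `created_at`, but the `expire` setting in config/auth.php only takes effect if the code that consumes the token compares against it. The following is an added example, not code from the thread or from Laravel itself, showing one way the verification endpoint can enforce that lifetime; the class name, the `resetPassword()` method, the `token`, `code` and `password` request fields and the `users.password` column are assumptions.

```php
<?php

use Carbon\Carbon;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\DB;
use Illuminate\Support\Facades\Hash;

class PasswordResetController // hypothetical class name
{
    public function resetPassword(Request $request) // hypothetical endpoint
    {
        $request->validate([
            'email'    => 'required|email|exists:users',
            'token'    => 'required|string',
            'code'     => 'required|digits:6',
            'password' => 'required|string|min:8|confirmed',
        ]);

        // Latest reset row for this address (repeated requests insert several).
        $row = DB::table('password_resets')
            ->where('email', $request->email)
            ->orderByDesc('created_at')
            ->first();

        // Same lifetime the built-in broker reads: minutes from config/auth.php.
        $minutes = (int) config('auth.passwords.users.expire', 60);

        $expired = $row === null
            || Carbon::parse($row->created_at)->addMinutes($minutes)->isPast();

        // Constant-time comparison; one generic error for every failure case.
        $matches = $row !== null
            && hash_equals((string) $row->token, (string) $request->token)
            && hash_equals((string) $row->code, (string) $request->code);

        if ($expired || ! $matches) {
            return response()->json(['status' => false, 'message' => 'Invalid or expired reset token.'], 422);
        }

        DB::transaction(function () use ($request) {
            DB::table('users')->where('email', $request->email)
                ->update(['password' => Hash::make($request->password)]);
            // Single use: drop every outstanding token for this address.
            DB::table('password_resets')->where('email', $request->email)->delete();
        });

        return response()->json(['status' => true, 'message' => 'Password has been reset.']);
    }
}
```

Because the check reads the `created_at` value that `forgotPassword()` already writes, it needs no schema change; changing `expire` in config/auth.php then changes the lifetime for the custom flow as well.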
