If you try to use a token that has already been consumed, the error message says message: "Token expired [403]"
If it remains unused, does it remain in perpetuity or does it expire after a given period?
If you try to use a token that has already been consumed, the error message says message: "Token expired [403]"
If it remains unused, does it remain in perpetuity or does it expire after a given period?
It seems that Accounts will only keep one reset token at a time.
Thus, if a user requests a reset twice, the first reset token is expired.
The second one will sit it out in perpetuity until it is consumed.