I’m having trouble finding a way to provide users a reset password method for my apps.
Unlike this question, I don’t wan’t to manage it locally, instead I prefer to validate the user by some sort of connection to my server.
Should I validate the user via e-mail? By sending him a link containing a key like:
http://www.myweb.com/inc/mobile/activate.php?email=pepe%40hotmail.com&key=252b6a8e98b8109cda4f53500a419b62
I’m not sure how to make that work without using any webView.
Or maybe the best approach is to e-mail them a link to a website in which they can reset their password (like in Path).
Please, can someone point me in the right direction?
Any help would be appreciated.
The safest approach is to have your app contact the site, and have your site send an email to the user with a password reset link. It seems fairly common to provide a GUI in your app telling the user to check his email for the password reset instructions.
That way, if an impostor gets access to the app, he may not have access to the email or may not know the credentials for your site.
Your GUI could be done natively or with a webView. I am not sure why you are trying to avoid a webView in any event, but it is not required.