#What is Difference between Smtp vs oAuth

litte bit confused between SMTP and oAuth can anyone explain the difference between this, Which service should i use for reseting users password for my app.

An SMTP provider sends emails. Appwrite uses an SMTP provider to send a code to a users email address so they can prove they own the email address and can reset their password.

OAuth2 is a mechanism to offload authentication to an external system

which one is absolutely free for login and for reseting password , because i have implemented login in my app with appwrite but did not find any option for reseting password.

Which login method did you implement?

used this one from doc ```import 'package:appwrite/appwrite.dart';

void main() { // Init SDK
Client client = Client();
Account account = Account(client);

client
.setEndpoint('https://cloud.appwrite.io/v1') // Your API Endpoint
.setProject('5df5acd0d48c2') // Your project ID
;
Future result = account.create(
userId: '[USER_ID]',
email: '[email protected]',
password: '',
);

result
.then((response) {
print(response);
}).catchError((error) {
print(error.response);
});
}```

this isn't a log in

Logging in requires creating a session

srry, using for creating new account

here is how using login or creation session ``` login(email, password, context) async {
//Account account = Account(client);
try {
await account.createEmailSession(
email: email,
password: password,
);
isLoggedIn = true;
notifyListeners();
Navigator.pushAndRemoveUntil(context, MaterialPageRoute(builder: (context)=>HomeScreen()), (route) => false);

} catch (e) {
  print(e);
  if(e.toString() == "AppwriteException: general_rate_limit_exceeded, Rate limit for the current endpoint has been exceeded. Please try again after some time. (429)"){
  ScaffoldMessenger.of(context).showSnackBar(SnackBar(content: Text(e.toString().replaceAll("AppwriteException: general_rate_limit_exceeded, Rate limit for the current endpoint has been exceeded. Please try again after some time. (429)", "Too Many Attempts, please try again later."))));
  }else{
    ScaffoldMessenger.of(context).showSnackBar(SnackBar(content: Text(e.toString())));
  }
}

}```

So for this, you're sending email and password to Appwrite and Appwrite is validating the password because Appwrite has the password hash. To reset this password, you would have to reset the password in Appwrite. You can do that with the create password recovery methods that send an email to the user

Thanks, but how to send email to user

https://appwrite.io/docs/client/account?sdk=web-default#accountCreateRecovery

thanks @fallow pecan

right now using in localhost , what should i pass to second parameter('https://example.com') const promise = account.createRecovery('[email protected]', 'https://example.com');

As the docs say, the url should be the url of your app so that when they click on the url it will take them back to your app so you can finish the password reset

where should i get the url of my app

Don't you access it at localhost?

i can access my localhost, should i provide https://localhost/ instead of https://example.com%27/ ?

It should be the url of your client application that you're building

Maybe this will help clarify: https://dev.to/appwrite/30daysofappwrite-email-verification-and-forgot-password-420o.

Some things might be outdated, but the general idea/flow is the same

still not clear, how she/he got the url or created the urllet promise = sdk.account.createRecovery('[email protected]', 'http://myappdomain/resetPassword');

you as the developer set it because you're building and deploying the app

if i dont use url for redirecting, and just extracting the userid and secret key from url (received url in mail ) and then update the password, this will be secure ?

How are you going to update the password?

this the url got in mail will extract the user id and key and pass it to update method

here is the update method from doc import 'package:appwrite/appwrite.dart';

  Client client = Client();
  Account account = Account(client);

  client
    .setEndpoint('https://cloud.appwrite.io/v1') // Your API Endpoint
    .setProject('5df5acd0d48c2') // Your project ID
  ;
  Future result = account.updateRecovery(
    userId: '[USER_ID]',
    secret: '[SECRET]',
    password: 'password',
    passwordAgain: 'password',
  );

  result
    .then((response) {
      print(response);
    }).catchError((error) {
      print(error.response);
  });
}```

Sure

is this is a good idea with respect to security concern ?

Sure

ok thanks

how to edit emails profile picture, name, title etc, and why mail is receiving in spam although i am using SMTP.

There's an environment variable for the from email.

What SMTP provider are you using?

sendinblue

Maybe the domain is misconfigured

how to configure domain ?

for domain configration have to buy domain ?

Yes and you typically have to do some extra stuff to prove you're the owner. I'm sure you can Google how to make sure your emails don't end up in spam

i am looking for totally free smtp, do u have any idea ?

Regardless of whatever you use, it will take effort to get it configured

so setting up own smtp means, landing in spam?