Ok so apparently now the framework returns the raw version of the token only when using forgotPassword, but it gets removed if your own handler for this method is returning an object.
So to “solve” this, in my use case, I changed the forgotPassword handler to return only the resetToken, which is the raw version of it, not the hash one. I then use it for the email I send to welcome my users and whatever I need it for in the frontend.
This code has been problematic to me as it removes the resetToken if my forgotPassword handler returns a user, something I would not expect:
What lead to the issue for me was that I was generating my own resetTokens and storing them to the database myself in the forgotPasswordOptions.
I just removed the call to nanoId and let Redwood do it’s thing. Now everything works as expected: The user that arrives in the forgotPassword already has the resetToken, which gets stored as a hash in the DB and the resetting of passwords works!