In this article you can find a on-the-fly example of how you can create custom token for forgot password in strapi.
Strapi comes with pre-built functionality for forgot password functionality, which generates huge token that can be used only as a link and probably for a web based application.
But if you are using strapi as backend for your mobile app, you will need something more simple as token to be provided to the users, so they can used it (type it) within the app, to reset their password.
Default route proposed from Strapi for this purpose is /auth/forgot-password, and as mentioned this works well for web based apps.
In the following example you can find a small workaround that will create more meaningful code for password reset functionality within mobile apps.
The only difference here is, that instead of calling auth/forgot-password, you will have to call /forgot/:email endpoint, while everything else stays as explained by Strapi docs.
