Hi,

I developed a plugin that generates a secure activation link (/open-account?token=XXXX…).
This link currently redirects to the native WordPress URL:

The user can successfully set a new password, but afterwards:

If they log in via /auth (the Voxel form), the old password still works,

And the new password is not recognized.

It seems that the /auth form does not read user_pass directly, or it handles password resets differently from the native WordPress flow.

My question:
What is the proper flow/endpoint to force a password reset that is compatible with /auth in Voxel?
Should I redirect the user to a specific theme URL (e.g., /auth/reset-password?…) instead of wp-login.php?action=rp?
Or is there a Voxel hook (e.g., voxel/user:reset_password) that I can use in my plugin to synchronize the password with your authentication system?

Thank you for your help