It's basically the same thing each time:
- An endpoint to send a request via email
- An endpoint to perform the action provided the token in the email
This should be generalized and the common code used for:
- password resets
- email confirmations (a bit different because it does not need a confirmed user)
- account deletions
- data (RGPD) retrieval (is it legal to require an email confirmation?)
- (later) 2FA activation/deactivation
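A sketch of what the shared code could look like, added here as an example and not taken from the project: one issue/verify pair serves every action, and each token is bound to its purpose so a password-reset link cannot be replayed against the account-deletion endpoint. The function names, the lifetimes, the demo key and the in-memory `_spent` set are all assumptions.

```python
import base64
import hashlib
import hmac
import json
import time

SECRET = b"constructed-demo-key"  # assumption: real key comes from server config
# Assumed lifetimes in seconds, one entry per action listed above.
TTL = {"password_reset": 3600, "email_confirm": 86400, "account_delete": 900}
_spent = set()  # stand-in for a persistent table of already-used tokens


def _sign(body: bytes) -> bytes:
    return hmac.new(SECRET, body, hashlib.sha256).digest()


def issue_token(purpose, user_id, now=None):
    """Build the token that the 'send a request via email' endpoint mails out."""
    if purpose not in TTL:
        raise ValueError(f"unknown purpose: {purpose}")
    now = int(time.time()) if now is None else now
    claims = {"p": purpose, "u": user_id, "exp": now + TTL[purpose]}
    body = json.dumps(claims, sort_keys=True).encode()
    enc = base64.urlsafe_b64encode
    return f"{enc(body).decode()}.{enc(_sign(body)).decode()}"


def verify_token(token, purpose, now=None):
    """Return the user id if the token is valid for `purpose`, else None."""
    now = int(time.time()) if now is None else now
    try:
        body_b64, sig_b64 = token.split(".")
        body = base64.urlsafe_b64decode(body_b64)
        sig = base64.urlsafe_b64decode(sig_b64)
    except ValueError:  # wrong shape or bad base64
        return None
    if not hmac.compare_digest(sig, _sign(body)):
        return None  # forged or tampered
    claims = json.loads(body)
    if claims["p"] != purpose:
        return None  # e.g. a reset token sent to the account-deletion endpoint
    if now >= claims["exp"] or sig in _spent:
        return None  # expired or already used
    _spent.add(sig)  # single use: the same link cannot perform the action twice
    return claims["u"]
```

Each action endpoint calls `verify_token` with its own purpose string, so the only per-action code left is the action itself.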