[Website Feature]: Password reset on our primary domain

[ssandino]

Is there an existing request for this feature?

• I have searched the existing issues

Is your feature request related to a problem? Please describe.

Currently the forgot password link on the login page triggers an email which has the following reset link in an email:
https://social-income-prod.firebaseapp.com/__/auth/action?mode=resetPassword&oobCode=XXX&apiKey=XXX&lang=en

This setup generally works well. However, since the form for setting a new password is hosted on a different domain ("social-income-prod.firebaseapp.com") rather than our primary domain ("socialincome.org"), it causes confusion with password managers. These tools automatically create a new password entry for the Firebase domain instead of associating it with our primary domain.

Describe the solution/feature

To address this issue, we're exploring options to either host the "Choose New Password" form (provided by Firebase Auth) on our own domain or handle the password reset process internally. Are there any recommended approaches or best practices for implementing this, particularly considering our current technology stack (if applicable)? This would streamline the user experience and ensure compatibility with password managers.

Describe alternatives you've considered

No response

Criteria for Completion

No response

Anything else?

No response

Code of Conduct

• I've read the Code of Conduct and understand my responsibilities as a member of the Social Income community

[ssandino]

Found the Firebase documentation explaining how it could be done, as well as a blog post on the topic.

[mkue]

We need to build our own reset-password page that uses confirmPasswordReset() from 'firebase/auth'.