The canonical-identity-provider api should validate password resets in the exact same way the website does.
The canonical- identity- provider api should validate password resets in the exact same way the website does.