Sup guys! So, I'm developing a "password recovery by email" thing, so this is how I'm doing: On my website the user clicks on a button called "I forgot my password" then it's directed to a form, so he can type his account email, this data is sent to a api that will create a token that expires in 1 hour, and then, the api sends this token together with the typed email to the user's email box with a very beauty html front end thing.
So the idea behind this email is to drive the user through the password recovery process. Inside this email there's a button called "Reset my password" and when the user clicks it, will open a webpage in his browser with a form, so he can type the new password.
My question is: How can this webpage receive the "token" and the "user email" from the email link? So when he finishes type the new password and click on submit, the form will send to the api the token and the email together.
This is part of my button code:
<a href="http://localhost:3333/users/form_reset_password" target="_blank">http://localhost:3333/users/form_reset_password</a>
I believe that inside this tag should I store the token and user's email, right?