Hi everyone,
I’m building a secure admin panel and want to implement a password reset flow that avoids third-party services (like SendGrid, Mailgun, Twilio, etc.) for privacy and full control.
I’m looking for:
- Best practices for sending password reset emails/SMS from a self-hosted system
- Recommendations for email servers, SMS gateways, and Python libraries for token generation and validation
- Security considerations (token expiry, replay protection, etc.)
I’m currently using [Flask / FastAPI]. The database is MySQL.
Has anyone done something similar in a production environment? What would you recommend in terms of tools and architecture?
Thanks!
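
One way to handle the token expiry and replay protection the post asks about, as an added example that is not part of the original post. It uses only the Python standard library; the `ResetTokenStore` class, its in-memory dict (standing in for a MySQL table) and the 15-minute lifetime are assumptions made for illustration.

```python
import hashlib
import secrets
import time

TOKEN_TTL_SECONDS = 15 * 60  # assumed lifetime; pick what fits your policy


def _digest(token: str) -> str:
    # Only the hash is stored, so a leaked table does not yield usable tokens.
    return hashlib.sha256(token.encode("utf-8")).hexdigest()


class ResetTokenStore:
    """In-memory stand-in for a MySQL table (token_hash, user_id, expires_at, used)."""

    def __init__(self):
        self._rows = {}  # token_hash -> {"user_id", "expires_at", "used"}

    def issue(self, user_id, now=None):
        now = time.time() if now is None else now
        # A new request invalidates any outstanding token for the same user.
        for row in self._rows.values():
            if row["user_id"] == user_id:
                row["used"] = True
        token = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
        self._rows[_digest(token)] = {
            "user_id": user_id,
            "expires_at": now + TOKEN_TTL_SECONDS,
            "used": False,
        }
        return token  # goes into the reset link; never logged or stored raw

    def redeem(self, token, now=None):
        """Return the user_id once for a valid token, otherwise None."""
        now = time.time() if now is None else now
        row = self._rows.get(_digest(token))
        if row is None or row["used"] or now >= row["expires_at"]:
            return None
        # In MySQL do this as one conditional UPDATE (WHERE used = 0 AND
        # expires_at > NOW()) and check the affected row count, so two
        # concurrent requests cannot both redeem the token.
        row["used"] = True
        return row["user_id"]
```

The reset endpoint should give the same response whether or not the account exists, so the flow does not reveal which addresses are registered.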