I was able to download the “old” deep link module and implement it together with the password forget in 9.7.0 which works perfectly.
When using the new REST deeplink.
I've implemented it, solved the errors and built up a new link based on the REST module. When calling the new built URL, the same function is kicked off (Step3_DL_SetNewPassword), however it can't handle the part that we want to show a page. Probably because it's a get request.
There is a way to implement this, but it will take some styling and lots of security checks.
What is possible is to let the user suggest his/her new password in the same page as the current “emailaddress” is on.
You can either save the password now and set the account on “blocked” untill the user verifies the action,
or you'll have to save it somewhere. Both have downsides.
The user will receive an email asking to verify the change. If the user presses the link, the rest function will then unblock the user or save the suggested password as main password.
After that you can set the status code of the response to 307, which means TMP redirect. You can set a header with the key “Location” and value “http://localhost:8080/succes.html”.
On the succes.html you can set a message that the change was succesfull and make it redirect to the homepage after x amount of seconds.