//New password was specified - verify the reset token and apply the new password:
Account account = stormpath.getApplication().verifyPasswordResetToken(sptoken);
//token is valid, set the password and sync to Stormpath:
account.setPassword(user.getPassword());
account.save();
//remove any stale value:
session.removeAttribute("stormpathAccount");
} catch (ResourceException re) {