I’m receiving a 401 when trying to reach the endpoint “/_allauth/browser/v1/auth/password/reset”, although I am sending the cookie, the CSRF token and the key for the email reset.
I’m following the flow of resetting the user's password from a Vue.js frontend with this:
```javascript
async function sendEmailReset() {
  spin.value = true;
  try {
    // Look up how this e-mail is registered ("none", "social" or other)
    const resp = await api.get("/api/email-reset/" + email.value);
    if (resp.data.status == "none") {
      error_message.value =
        "Este e-mail não existe no sistema. Faça o processo de registro novamente.";
      wrongCredentials.value = true;
      return;
    } else if (resp.data.status == "social") {
      error_message.value =
        "Este email foi cadastrado com uma conta social. Faça login com o Google.";
      wrongCredentials.value = true;
      return;
    } else {
      // Ask allauth to e-mail the password reset key
      const response = await api.post(
        "/_allauth/" + authClient + "/v1/auth/password/request",
        { email: email.value },
        {
          headers: { "Content-Type": "application/json" },
        }
      );
      console.log(response);
      if (response.data.status == 200) {
        sentEmail.value = true;
      } else {
        error_message.value =
          "Ocorreu um erro ao enviar o e-mail. Verifique se o e-mail está correto.";
        wrongCredentials.value = true;
      }
    }
  } catch (error) {
    console.error(error);
    error_message.value =
      error.response?.data.detail ||
      "Ocorreu um erro na conexão com o servidor. Se persistir, tente novamente mais tarde.";
    wrongCredentials.value = true;
  } finally {
    spin.value = false;
    email.value = "";
  }
}
```
It works fine and sends the email with the key to the right address, with the link to my frontend to handle the key and grab the new password: http://127.0.0.1:9000/reset/78f13dbf84b0458cb512b40e8362277e-c79vad-8024b22600b3c581b757f9e627f63847. From there I call the API again:
```javascript
const reset = async () => {
  // Client-side checks before calling the API
  if (password.value !== password2.value) {
    error_message.value = "As senhas não coincidem.";
    wrongCredentials.value = true;
    return;
  }
  if (password.value.length < 8) {
    error_message.value = "A senha deve ter pelo menos 8 caracteres.";
    wrongCredentials.value = true;
    return;
  }
  spin.value = true;
  try {
    // Debug output: reset key and new password
    console.log(p1.value);
    console.log(password.value);
    // Submit the reset key from the e-mail link together with the new password
    const response = await api.post(
      "/_allauth/" + authClient + "/v1/auth/password/reset",
      {
        key: p1.value,
        password: password.value,
      },
      {
        headers: {
          "Content-Type": "application/json",
        },
      }
    );
    .....
}
```
but I get this:
```
{
  "status": 401,
  "data": {
    "flows": [
      {
        "id": "login"
      },
      {
        "id": "signup"
      },
      {
        "id": "provider_redirect",
        "providers": [
          "google"
        ]
      },
      {
        "id": "provider_token",
        "providers": [
          "google"
        ]
      }
    ]
  },
  "meta": {
    "is_authenticated": false
  }
},
```
That is what they call “401 – Unauthorized – Initial” in the documentation. If I call the GET method on the same endpoint it works fine. I’m calling from the browser client and passing both the cookie and the CSRF token within the headers. What kind of authorization should I send besides the CSRF and key values (since the user is resetting a forgotten password)? What am I missing? Could anyone help? I’m about to use normal django-auth only for dealing with this reset case, but I would like to concentrate all the process with Django-Allauth if possible.
Thanks in advance.