diff --git a/package.json b/package.json
index fc442cd..52cd6ed 100644
--- a/package.json
+++ b/package.json
@@ -1,38 +1,41 @@
 {
 	"name": "@authorizerdev/authorizer-svelte",
-	"version": "0.1.9",
+	"version": "2.0.0",
 	"license": "MIT",
 	"author": "Lakhan Samani",
 	"scripts": {
 		"dev": "vite dev",
 		"build": "svelte-kit sync && svelte-package",
-		"test": "playwright test",
+		"test": "vitest run",
 		"check": "svelte-kit sync && svelte-check --tsconfig ./tsconfig.json",
 		"check:watch": "svelte-kit sync && svelte-check --tsconfig ./tsconfig.json --watch",
 		"lint": "prettier --plugin-search-dir . --check . && eslint .",
 		"format": "prettier --plugin-search-dir . --write ."
 	},
 	"devDependencies": {
-		"@playwright/test": "^1.25.0",
-		"@sveltejs/adapter-auto": "next",
-		"@sveltejs/kit": "next",
-		"@sveltejs/package": "next",
+		"@playwright/test": "^1.58.0",
+		"@sveltejs/adapter-auto": "^1.0.0",
+		"@sveltejs/kit": "^1.30.0",
+		"@sveltejs/package": "^2.5.0",
+		"@testing-library/svelte": "^4.0.0",
 		"@typescript-eslint/eslint-plugin": "^5.27.0",
 		"@typescript-eslint/parser": "^5.27.0",
 		"eslint": "^8.16.0",
 		"eslint-config-prettier": "^8.3.0",
-		"eslint-plugin-svelte3": "^4.0.0",
+		"eslint-plugin-svelte": "^3.5.0",
+		"jsdom": "^26.0.0",
 		"prettier": "^2.6.2",
-		"prettier-plugin-svelte": "^2.7.0",
-		"svelte": "^3.44.0",
-		"svelte-check": "^2.7.1",
-		"svelte-preprocess": "^4.10.6",
+		"prettier-plugin-svelte": "^2.10.0",
+		"svelte": "^4.0.0",
+		"svelte-check": "^3.8.0",
+		"svelte-preprocess": "^6.0.0",
 		"tslib": "^2.3.1",
-		"typescript": "^4.7.4",
-		"vite": "^3.1.0"
+		"typescript": "^5.9.3",
+		"vite": "^4.5.0",
+		"vitest": "^3.0.0"
 	},
 	"type": "module",
 	"dependencies": {
-		"@authorizerdev/authorizer-js": "^1.2.6"
+		"@authorizerdev/authorizer-js": "3.0.0"
 	}
 }
diff --git a/src/lib/components/AuthorizerResetPassword.svelte b/src/lib/components/AuthorizerResetPassword.svelte
index c75bcfb..01a1cd4 100644
--- a/src/lib/components/AuthorizerResetPassword.svelte
+++ b/src/lib/components/AuthorizerResetPassword.svelte
@@ -7,6 +7,20 @@
 	import PasswordStrengthIndicator from './PasswordStrengthIndicator.svelte';
 	import type { AuthorizerState } from '../types';
 
+	function isValidRedirectUri(uri: string, allowedRedirect?: string): boolean {
+		try {
+			const url = new URL(uri, window.location.origin);
+			if (url.origin === window.location.origin) return true;
+			if (allowedRedirect) {
+				const allowed = new URL(allowedRedirect);
+				if (url.origin === allowed.origin) return true;
+			}
+			return false;
+		} catch {
+			return false;
+		}
+	}
+
 	export let onReset: Function | undefined = undefined;
 
 	let state: AuthorizerState;
@@ -54,17 +68,25 @@
 	const onSubmit = async () => {
 		componentState.loading = true;
 		try {
-			const res = await state.authorizerRef.resetPassword({
+			const { data: res, errors } = await state.authorizerRef.resetPassword({
 				token,
 				password: formData.password,
 				confirm_password: formData.confirmPassword
 			});
 			componentState.loading = false;
+			if (errors && errors.length) {
+				componentState.error = errors[0].message;
+				return;
+			}
 			componentState.error = null;
 			if (onReset) {
 				onReset(res);
 			} else {
-				window.location.href = redirect_uri || state.config.redirectURL || window.location.origin;
+					const fallback = state.config.redirectURL || window.location.origin;
+				const target = redirect_uri && isValidRedirectUri(redirect_uri, state.config.redirectURL)
+					? redirect_uri
+					: fallback;
+				window.location.href = target;
 			}
 		} catch (error: any) {
 			componentState.loading = false;