Hello again guys!
I was trying to implement a forgot-password feature for my reactive web app, where the system will send a reset link to the end users. But when I tried it for the first time I received "Invalid token".
This is the error inside my service center
I used this PasswordReset_SRV.oml that I found in the Forge and implemented it exactly in my web app, but still it didn't work. Can you help me fix this? I will truly appreciate your help!
I'm not sure precisely what you're attempting to do with your app, however I would caution you against using the PasswordReset_SRV oml as it is, since it looks to be quite flawed as a production model... (Likely only meant to be used as an outdated rough guide)
Example of flaws: The action UserID_GetBy_Email only checks to see if more than 1 user has that email address; if no user has the email address, it allows it to pass the test and continue. (This will be relevant very soon.)
Back in Token_Create, where the above action is used, we have the output of UserID_GetBy_Email being used without the output being checked, meaning a blank record can be sent along, and a token generated for an empty user, or a user who has not been found.
There are no error handlers in any of these actions, meaning that when an error occurs, the system will continue to attempt running. So when email_format_validate fails, it'll still run domain validation, etc. You reach token_generate regardless of whether or not a valid user was found, email was identified, etc.
Implementing an error handler with 'abort on error' active will prevent the user from reaching the next step, and likely identify to you where in the code the problem you're experiencing is occurring.
However, it is bad architecture and design to rely on error handlers to do your server side data validation for you. You should always check the output of your actions so you do not end up with a case like UserID_GetBy_Email giving you an empty record just because NOTHING was found due to a system error in a previous result, which could compound the issue and generate free tokens for ANYONE who knows that they don't even need an email address and can abuse the system.
I hope this gets you on the right path for success. Feel free to give us additional context of your situation to help us narrow down the issue.

Best,
RAD Manage
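A hardened version of the lookup-then-issue flow discussed above, as an added Python example (not code from the Forge component or from either poster): every action's output is checked before the next step runs, so zero matches, duplicate matches and malformed input all stop before a token is generated. The user rows, the token store and the function names are constructed for this example.

```python
import hashlib
import secrets
from typing import Optional

# Constructed sample data: (user_id, email) rows, with one email deliberately
# duplicated so the "more than one match" branch is exercised.
USERS = [(1, "alice@example.com"), (2, "bob@example.com"),
         (3, "dup@example.com"), (4, "dup@example.com")]

# Hypothetical token store: sha256(token) -> user_id. Only the hash is kept.
TOKENS: dict = {}


def email_format_validate(email: str) -> bool:
    """Minimal shape check: one '@', a non-empty local part, a dotted domain."""
    local, sep, domain = email.partition("@")
    return bool(sep and local and "." in domain and "@" not in domain)


def user_id_get_by_email(users, email: str) -> Optional[int]:
    """Return the single matching user id, or None for zero OR multiple matches.
    Rejecting only the 'more than one' case lets an empty record flow into
    token creation; zero matches must fail here as well."""
    matches = [uid for uid, mail in users if mail.lower() == email.lower()]
    return matches[0] if len(matches) == 1 else None


def token_create(users, email: str, store: dict = TOKENS) -> Optional[str]:
    """Issue a reset token only when every preceding check succeeded.
    Each step short-circuits, so no token is created for an unknown user."""
    if not email_format_validate(email):
        return None
    user_id = user_id_get_by_email(users, email)
    if user_id is None:  # check the lookup's output before using it
        return None
    token = secrets.token_urlsafe(32)
    store[hashlib.sha256(token.encode()).hexdigest()] = user_id
    return token


def token_validate(token: str, store: dict = TOKENS) -> Optional[int]:
    """Resolve a presented token to its user id (single use); unknown -> None."""
    return store.pop(hashlib.sha256(token.encode()).hexdigest(), None)
```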