It depends on how you built it, but in general the process would be like this:
- Store the datetime when the user requested the forgot password link
- When the user clicks the link, in the deeplink microflow that opens, check if the currentdatetime <= the requestdatetime + 10 minutes
- If yes, continue with the password reset
- If no, show a pop-up or some other message indicating that the link has expired and the user should request a new password reset
That being said, you might want to reconsider making a password reset link valid for so short, since e-mails can take longer to arrive for any given reason.