
Password Change

The password change process is a vital security feature that allows users to update their login credentials. This process ensures that users can maintain control over their account security by regularly updating their passwords or immediately changing them if they suspect any unauthorized access. Including a password change option on the user profile page enhances security, provides convenience, and empowers users to proactively manage their account safety. By enabling easy access to this feature, you promote a safer and more user-friendly environment.

Option 1. Configure/Setup Password
Description: This option allows the user to set up a password as one of the verification methods for their account.

Option 2. Change Existing Password
Description: This option allows the user to change their current password to a new one, enhancing account security.

This simplified table provides a clear overview of the two password management options.

Introduction to Password Change

To change a password, a user must be authenticated. The user chooses the new password, which must comply with the current password policy.

In addition, the user enters the old password so that the system can verify that this user is allowed to change the current password.

change-password.png

Understanding the Flow and APIs

API: Get available verification methods
Description: To display and allow the user to configure the available verification methods.
Link to API

API: Change the Password
Description: To change the password, you need to include the PUT API that accepts the newly entered password.
Link to API

API: Set new Password
Description: To set the password for users who signed up passwordless or using a social provider, you need to include the POST API that accepts the newly entered password.
Link to API

Step 1: Allow Password in your Instance

In your verification setup, Password must be enabled. To do this, change your existing setup: navigate to Multifactor Settings > Enable Password.

password-setting.png

Step 2: Present Verification Methods

The first page for enrollment should present all available verification methods.

You can use the following query to retrieve the available methods.

curl 'https://domain/verification-srv/config/list' \
-H 'Authorization: Bearer eyJhbGciOiJxxx2Og' \
-H 'cache-control: no-cache' \
-H 'content-type: application/json' \
--compressed

The API returns all available methods as an array:

[
  {
    "verificationType": "PUSH",
    "active": true
  },
  {
    "verificationType": "TOUCHID",
    "active": true
  }
]

Each entry carries a verificationType, which can be used as an input variable (path parameter) for the API in Step 3.

Step 3: Verify if Password is already configured

Before presenting the password form, check which verification methods the user has already configured.

The cURL command below lists the methods the user has already enrolled for. The user is identified by the bearer token.

curl 'https://domain/verification-srv/v2/setup/users/configured/list' \
-H 'accept: application/json, text/plain, */*' \
-H 'accept-language: en-US,en;q=0.9' \
-H 'authorization: Bearer eyJhbGciOiJSUzI1NiIsImtpZCI6ImRiMDxxxH3CCQAZ246TjbEZvqQkNy_CM9YARxW7geGevv2Og' \
-H 'content-type: application/json' \
--data-raw '{"deviceInfo":{"deviceId":"","location":{"lat":"","lon":""}}}' \
--compressed

The response from the API contains configured_list, which presents the methods the user has already enrolled for. If password is not among them, present a form that asks only for a new password; otherwise the service will also require the old password.

{
  "success": true,
  "status": 200,
  "data": {
    "configured_list": [
      {
        "type": "EMAIL",
        "mediums": [
          {
            "id": "bb2d4a47-ed81-4d0f-9bde-f91414860674",
            "key_name": "muster.*********test@g***l.com"
          }
        ]
      }
    ]
  }
}

Step 4: Change the Password

Now we are ready to change the password. The request carries the old password together with the new one and its confirmation:

curl --location --request PUT 'https://domain/password-srv/password' \
-H 'accept: application/json, text/plain, */*' \
-H 'authorization: Bearer eyJhbGciOiJSUzI1NiIsImtpxxQEZvqQkNy_CM9YARxW7geGevv2Og' \
-H 'content-type: application/json' \
--data '{
"sub": "4838dab3-6d88-4403-8dda-c1486754121a",
"old_password": "Test1234%",
"new_password": "Test12345$",
"confirm_password": "Test12345$"
}' \
--compressed

The API returns a success message after successfully setting the new password.

Step 4 (alternative): Set the Password

For users who signed up passwordless or via a social provider and therefore have no password yet (password is absent from configured_list in Step 3), use the POST request instead. No old password is required:

curl --location --request POST 'https://domain/password-srv/password' \
-H 'accept: application/json, text/plain, */*' \
-H 'authorization: Bearer eyJhbGciOiJSUzI1NiIsImtpxxQEZvqQkNy_CM9YARxW7geGevv2Og' \
-H 'content-type: application/json' \
--data '{
"sub": "4838dab3-6d88-4403-8dda-c1486754121a",
"password": "MyTestPasswords$",
"confirmPassword": "MyTestPasswords$"
}' \
--compressed

The API returns a success message after successfully setting the new password.
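The following browser-side helper is an added example and not part of the original documentation or the service's own client code. It ties Steps 3 and 4 together: it reads the configured_list response, decides whether the user already has a password, runs the client-side checks (confirmation matches, old password supplied and different from the new one) and then builds either the PUT change request or the POST set request. The host https://domain and the endpoint paths are taken from the cURL commands on this page; the function names, the injected fetch implementation and the assumption that an enrolled password appears in configured_list with type "PASSWORD" are this example's own.

```javascript
// Added example (not from the original page). Assumptions are marked below.
const BASE_URL = "https://domain"; // placeholder host, as used in the page's cURL examples
const PASSWORD_TYPE = "PASSWORD"; // ASSUMPTION: type string for an enrolled password in configured_list

// Extract the configured verification types from a Step 3 response body.
// A body without success:true is rejected so that a failed lookup is never
// mistaken for "no password configured yet".
function parseConfiguredTypes(body) {
  if (!body || body.success !== true || !body.data || !Array.isArray(body.data.configured_list)) {
    throw new Error("unexpected configured_list response");
  }
  return body.data.configured_list.map((entry) => String(entry.type).toUpperCase());
}

// Client-side pre-flight before any request leaves the browser. The server still
// enforces the password policy and the pwned-password check; these checks only
// avoid a round trip for obvious mistakes.
function validatePasswordInput({ oldPassword, newPassword, confirmPassword }, hasPassword) {
  const errors = [];
  if (!newPassword) errors.push("new password is required");
  if (newPassword !== confirmPassword) errors.push("password confirmation does not match");
  if (hasPassword) {
    if (!oldPassword) errors.push("old password is required");
    else if (oldPassword === newPassword) errors.push("new password must differ from the old one");
  }
  return errors;
}

// Build the Step 4 request: PUT with old/new/confirm when a password already
// exists, POST with password/confirmPassword for passwordless or social users.
function buildPasswordRequest(sub, configuredTypes, input) {
  const hasPassword = configuredTypes.includes(PASSWORD_TYPE);
  const errors = validatePasswordInput(input, hasPassword);
  if (errors.length > 0) return { ok: false, errors };
  const url = `${BASE_URL}/password-srv/password`;
  const body = hasPassword
    ? { sub, old_password: input.oldPassword, new_password: input.newPassword, confirm_password: input.confirmPassword }
    : { sub, password: input.newPassword, confirmPassword: input.confirmPassword };
  return { ok: true, method: hasPassword ? "PUT" : "POST", url, body };
}

// Send the built request. The token and the fetch implementation are injected so
// the helper can be exercised without a network; in a real page fetchImpl is window.fetch.
async function submitPasswordRequest(req, token, fetchImpl) {
  const res = await fetchImpl(req.url, {
    method: req.method,
    headers: { accept: "application/json", authorization: `Bearer ${token}`, "content-type": "application/json" },
    body: JSON.stringify(req.body),
  });
  const json = await res.json();
  if (!res.ok || json.success !== true) {
    // Surface the server's message (policy violation, pwned password, missing field) to the form.
    throw new Error(`password request failed: HTTP ${res.status} ${JSON.stringify(json)}`);
  }
  return json;
}

// Constructed sample response shaped like the Step 3 example on this page.
const SAMPLE_CONFIGURED = {
  success: true,
  status: 200,
  data: { configured_list: [{ type: "EMAIL", mediums: [{ id: "constructed-id", key_name: "m***@g***l.com" }] }] },
};

// Constructed stand-in for window.fetch that answers like a successful password call.
async function fakeFetch(url, init) {
  return { ok: true, status: 200, json: async () => ({ success: true, status: 200, echo: { url, method: init.method } }) };
}

async function demo() {
  const types = parseConfiguredTypes(SAMPLE_CONFIGURED); // ["EMAIL"]: no password yet, so POST
  const req = buildPasswordRequest("constructed-sub", types, {
    newPassword: "MyTestPasswords$",
    confirmPassword: "MyTestPasswords$",
  });
  if (!req.ok) throw new Error(req.errors.join("; "));
  const result = await submitPasswordRequest(req, "constructed-token", fakeFetch);
  console.log(req.method, req.url, JSON.stringify(result));
}

demo().catch((err) => console.error(err.message));
```

Because the decision between PUT and POST is driven by the server's configured_list rather than by anything the form remembers, a user who enrolled a password in another session is still asked for the old password.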

Handling of Error Messages

Please ensure that you handle the error messages for pwned passwords and for passwords that do not match the password policy. Also ensure that all required variables are provided. You can find the error responses in the FAQ.

Need help implementing this?

Please contact us on our Support Portal.