Password Set Options
There are several situations in which a password is set, each using a different API, and it is not always obvious which one to use. This section lists the use cases you will find in cidaas and gives instructions on how to implement each scenario.
| Use Case | Description | Template |
|---|---|---|
| Registration | Registering a user lets you request a password right at the beginning: the password is supplied in the request body of the registration request. | WELCOME_USER |
| User-initiated Password Reset | The second most common option: a user has forgotten their password, requests a reset and sets a new one. This works in two ways, a code flow or a link flow. | RESET_PASSWORD |
| User-initiated Password Change | In contrast to the password reset, the password change is performed while the user is logged in, i.e. the user holds an active, valid access token and changes their password. | |
| Reset Password by Admin | Widely used when handling an incoming support request: a user reports that their password is not working, and the administrator triggers a password reset that immediately sets a new password, so the old password becomes unusable. This feature also includes the need_password_reset option, which forces the user to set a new password at the next login. | RESET_PASSWORD_BY_ADMIN |
| Set Password during Progressive Profiling | A user can also be registered without a password. Login then works via another, passwordless authentication method, e.g. FIDO2 or Email-OTP. After successful authentication the app uses the required_fields option to ask the user to set a password. | |
| Change Password on Next Login | When creating a user or resetting a password you can force the user to change their password at the next login. This section also covers how the password is set in that case. | |
Registration
The Registration endpoint allows you to set a password during registration. From a development perspective there are two points to consider:
- apply the correct password policy
- send the password in the registration request
| API | Description | Link |
|---|---|---|
| Register | The request body contains the password as a string. | Link to API |
| Password Policy | The response contains a field password_policy with the information needed to verify the password policy on the UI side. | Link to API |

The password_policy field returned by the Password Policy API looks like this (note that the numeric limits are returned as strings):

```json
{
  "password_policy": {
    "_id": "8108d54b-62aa-476d-beaf-5",
    "className": "de.cidaas.core.db.PasswordPolicySetup",
    "policy_name": "default",
    "minimumLength": "10",
    "maximumLength": "null",
    "noOfDigits": "2",
    "noOfSpecialChars": "2",
    "lowerAndUpperCase": true
  }
}
```

If the password cannot be saved, the registration request is answered with a 400 whose body states that there was an error while saving the password. Checking the password against the policy on the UI side avoids a round trip and gives the user immediate feedback, but the server response remains the authoritative check.
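The following is an added example (not cidaas code) of the UI-side check referred to above: it normalises a password_policy object as returned by the Password Policy API and reports which rules a candidate password violates. The same check applies to the password policy step of the reset flows described further down. Two points are assumptions, since the page only shows the field names: the string "null" is treated as "no limit", and a "special character" is taken to be any character that is neither a letter nor a digit.

```python
"""Client-side password check against a cidaas password_policy object.
Added example, not cidaas code. Semantics beyond the field names shown in
the documentation (the "null" string, what counts as special) are assumed."""
from typing import Optional

# Constructed sample: the password_policy fragment shown on this page.
SAMPLE_POLICY = {
    "_id": "8108d54b-62aa-476d-beaf-5",
    "className": "de.cidaas.core.db.PasswordPolicySetup",
    "policy_name": "default",
    "minimumLength": "10",
    "maximumLength": "null",
    "noOfDigits": "2",
    "noOfSpecialChars": "2",
    "lowerAndUpperCase": True,
}


def _as_int(value) -> Optional[int]:
    """Numeric limits arrive as strings ("10") or as the string "null".
    Assumption: "null", "" or a missing value means 'no limit' (None)."""
    if value is None or value in ("null", ""):
        return None
    return int(value)


def _as_bool(value) -> bool:
    """lowerAndUpperCase is a real boolean in the sample; accept strings too."""
    if isinstance(value, bool):
        return value
    return str(value).strip().lower() == "true"


def parse_policy(raw: dict) -> dict:
    """Normalise a raw password_policy object into typed limits."""
    return {
        "min_len": _as_int(raw.get("minimumLength")),
        "max_len": _as_int(raw.get("maximumLength")),
        "digits": _as_int(raw.get("noOfDigits")) or 0,
        "special": _as_int(raw.get("noOfSpecialChars")) or 0,
        "mixed_case": _as_bool(raw.get("lowerAndUpperCase", False)),
    }


def check_password(password: str, raw_policy: dict) -> list:
    """Return the list of rules the password violates; an empty list means
    the password satisfies the policy. Assumption: a special character is
    any character for which str.isalnum() is False."""
    p = parse_policy(raw_policy)
    violations = []
    if p["min_len"] is not None and len(password) < p["min_len"]:
        violations.append(f"shorter than {p['min_len']} characters")
    if p["max_len"] is not None and len(password) > p["max_len"]:
        violations.append(f"longer than {p['max_len']} characters")
    digits = sum(c.isdigit() for c in password)
    if digits < p["digits"]:
        violations.append(f"fewer than {p['digits']} digits")
    special = sum(not c.isalnum() for c in password)
    if special < p["special"]:
        violations.append(f"fewer than {p['special']} special characters")
    if p["mixed_case"]:
        has_lower = any(c.islower() for c in password)
        has_upper = any(c.isupper() for c in password)
        if not (has_lower and has_upper):
            violations.append("must contain both lower- and upper-case letters")
    return violations


if __name__ == "__main__":
    for candidate in ("Tr0ub4dor&x!", "password", "Abcdefgh12"):
        problems = check_password(candidate, SAMPLE_POLICY)
        print(candidate, "->", "OK" if not problems else "; ".join(problems))
```

Run this before submitting the Register request (or the Accept Password Reset request) to show the user every unmet rule at once rather than one 400 at a time; the server-side check is still the one that counts, so keep the 400 handling in place.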
User-initiated Password Reset
The complete guide on enabling and using a user-initiated password reset can be found here.
A user-initiated password reset is triggered while the user is not authenticated.
| Flow Type | Description |
|---|---|
| LINK | The link flow sends an email containing a reset_link. Following this link takes the user directly to the password_set page, where they enter and confirm a new password. |
| CODE | The code flow sends an email containing a code and a link. The code can be entered directly in the window from which the user initiated the password reset, or the user opens the link and is then asked for the code. After the code has been verified, the user likewise lands on the password_set page. |
Link User Reset
The Reset Link Flow consists of three steps (3 to 5 below) once the login page has been opened; steps 1 and 2 open the login page and fetch the password policy. For a complete overview, see also the Authorization Request and Public Reset sections of the documentation.
| No | API | Description |
|---|---|---|
| 1 | Authz | The authorization request starts the login, registration or single sign-on process. |
| 2 | Password Policy | The response contains a field password_policy with the information needed to verify the password policy on the UI side. |
| 3 | Initiate Password Reset | This API defines for which user the password reset is initiated and whether the LINK or CODE flow is used. Provide processingType=LINK in the request body to start this flow. |
| 4 | Handle Password Reset | The Handle Password Reset API is performed automatically by cidaas and must not be included in any UI. It returns the values needed to continue and actually perform the password change. |
| 5 | Accept Password Reset | This API changes the password for the user. |

Code User Reset
The Reset Code Flow consists of four steps (3 to 6 below) once the login page has been opened; steps 1 and 2 are the same as in the link flow. For a complete overview, see also the Authorization Request and Public Reset sections of the documentation, this time using the CODE flow.
| No | API | Description |
|---|---|---|
| 1 | Authz | The authorization request starts the login, registration or single sign-on process. |
| 2 | Password Policy | The response contains a field password_policy with the information needed to verify the password policy on the UI side. |
| 3 | Initiate Password Reset | This API defines for which user the password reset is initiated and whether the LINK or CODE flow is used. Provide processingType=CODE in the request body to start this flow. |
| 4 | Handle Password Reset | The Handle Password Reset API is performed automatically by cidaas and must not be included in any UI. It returns the values needed to continue and actually perform the password change. |
| 5 | Validate Code | The Validate Code API verifies that the entered code matches the one sent by email after the Initiate Password Reset call. |
| 6 | Accept Password Reset | This API changes the password for the user. |

User-initiated Change Password
From time to time a user may want to change their password. Once logged in, they can use this flow to replace their current password.
| API | Description |
|---|---|
| Change Password | This allows you to change the password when the user is authenticated. |
Reset Password by Admin
Incoming user requests may require an administrator to trigger a password reset. This API lets you change a user's password using a token that carries the proper scopes.
| API | Description |
|---|---|
| Reset Password by Admin | The reset API changes the user's password. You can also notify the user about the change; the notification mail then contains the newly set password, with which the user can log in. When need_password_reset is set, the user is forced to change this password after the next successful authentication; because the mailed password travels in clear text, set this flag whenever you notify the user so that the mailed password is only usable once. |
Set Password during Progressive Profiling
Progressive profiling lets you add further information to a user's profile and is controlled through the app configuration called required_fields. A typical reason to set the password during progressive profiling: when registering a user for a newsletter you may not want to ask for a password but still want to create the user, who can then log in using passwordless authentication.
The password can then be supplied during progressive profiling.
| API | Description |
|---|---|
| Progressive Profiling | The progressive profiling API also accepts the password when it has been detected as a missing field. |
Change Password on next Login
The complete guide on forcing a user to set a password at the next login can be found here.
The API for changing the password during the login process is the Precheck Continue API. Usually no request body is needed to complete the login with this API, but when the precheck condition is password_change, the Precheck Continue API requires a new password to be set.
| API | Description |
|---|---|
| Precheck Continue | Precheck Continue sets the password when it is supplied in the request body. |
Need Support?
Please contact us directly on our support page