Admin SDK generate link to access reset password page - google-admin-sdk

In GSuite, creating a user or resetting a password gives you the option to notify the user by mail. The email contains a link where he can then set a new password.
Is there any way to reproduce that with googleapis?
Can't find anything related to that in the reference API: https://developers.google.com/admin-sdk/directory/v1/reference/
The response from POST https://www.googleapis.com/admin/directory/v1/users doesn't seem to provide any information to create that link.
Thanks

Related

WSO2-IS - Giving "Invalid Code" after reset password

I'm trying to create a password for a new user created on WSO2-IS 5.11.0 using the link sent by email, but I'm facing an error after clicking on Proceed:
In the log it doesn't show anything.
Version: 5.11.0
When you get the mail check the password recovery link that you have received. There are two ways that you can find the link.
You can copy the link by right-clicking on the button.
Recovery link at the bottom of the page.
You should see a recovery link as below.
https://localhost:9443/accountrecoveryendpoint/confirmrecovery.do?confirmation=ea626c2f-47f7-4184-b927-5f230686716c&userstoredomain=PRIMARY&username=sominda&tenantdomain=carbon.super&callback=https%3A%2F%2Flocalhost%3A9443%2Fauthenticationendpoint%2Flogin.do%3Fclient_id%3DMY_ACCOUNT%26code_challenge%3Dmiilh2DN9GCQwLQVBn8s99fc2_D9Q8YoCAFX7GA4dLs%26code_challenge_method%3DS256%26commonAuthCallerPath%3D%2Foauth2%2Fauthorize%26forceAuth%3Dfalse%26passiveAuth%3Dfalse%26redirect_uri%3Dhttps%3A%2F%2Flocalhost%3A9443%2Fmyaccount%2Flogin%26response_mode%3Dform_post%26response_type%3Dcode%26scope%3DSYSTEM+openid%26tenantDomain%3Dcarbon.super%26sessionDataKey%3D1ca27665-1d5c-41f6-9e3e-e320139e2b94%26relyingParty%3DMY_ACCOUNT%26type%3Doidc%26sp%3DMy+Account%26isSaaSApp%3Dtrue%26authenticators%3DBasicAuthenticator%3ALOCAL
Check the value for the confirmation param. According to what you have received, its value should be %s. This means that the recovery code is not properly set in the email.
The reason for this can be an error when updating the email template. The email template for password recovery should contain a placeholder for confirmation. Make sure the placeholder is as follows.
confirmation={{confirmation-code}}
This should resolve your issue.

Resetting password redirection to myaccount doesn't work as expected

When I create a User in my test application, an email is sent to the user to create a password in order to log in successfully to the application.
In this email, there is a link to set the password. After adding the new password and clicking the proceed button, we are redirected to the /carbon management page instead of the /myaccount page.
By investigating more, I found out that if I try to access My Account Page passing a query param passwordReset=true I get a 405 Method Not Allowed error.
The version of wso2is is 5.11.0
What is the correct configuration so that after a user sets the password we could redirect him to log in directly to our test application or my account?
You have to append the query parameter callback to define where you want to redirect after the reset. A sample reset password link:
e.g. https://{is-server}/accountrecoveryendpoint/confirmrecovery.do?confirmation=151cbca7-2961-45d7-a108-49f34ade6aea&userstoredomain=USER&username=sample&callback={test-application-url}&type=reset
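A check for the two points made in the answers above (the `confirmation` value from the "Invalid Code" answer and the `callback` parameter from this one), as an added example that is not part of the original posts and is not WSO2 code: it parses a recovery link and reports whether the confirmation code was actually substituted and which host the link redirects to afterwards. The function name and the sample links (shortened from the link quoted above) are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Shape of the confirmation codes in the links quoted on this page (UUIDs).
UUID_RE = re.compile(r"^[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}$", re.I)
# Empty value, "%s", or a "{...}" / "{{...}}" template placeholder left as-is.
PLACEHOLDER_RE = re.compile(r"^(%s|\{.*\})?$")

BASE = "https://localhost:9443/accountrecoveryendpoint/confirmrecovery.do"
# Constructed samples: the first is a shortened form of the link quoted above,
# the second shows an e-mail template that never substituted the code.
GOOD_LINK = (BASE + "?confirmation=ea626c2f-47f7-4184-b927-5f230686716c"
             "&userstoredomain=PRIMARY&username=sominda&tenantdomain=carbon.super"
             "&callback=https%3A%2F%2Flocalhost%3A9443%2Fmyaccount%2Flogin")
BROKEN_LINK = BASE + "?confirmation=%s&userstoredomain=PRIMARY&username=sominda"


def check_recovery_link(link):
    """Describe the confirmation code and redirect target of a recovery link."""
    query = parse_qs(urlsplit(link).query, keep_blank_values=True)
    code = query.get("confirmation", [""])[0]
    callback = query.get("callback", [""])[0]  # parse_qs already URL-decodes

    if UUID_RE.match(code):
        status = "ok"
    elif PLACEHOLDER_RE.match(code):
        status = "placeholder-not-substituted"  # fix the e-mail template
    else:
        status = "unexpected-format"

    return {
        "confirmation": status,
        # None means no callback was appended to the link.
        "callback_host": urlsplit(callback).netloc or None,
        "username": query.get("username", [None])[0],
    }


if __name__ == "__main__":
    for sample in (GOOD_LINK, BROKEN_LINK):
        print(check_recovery_link(sample))
```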

Invalidating old Reset Password Links in WSO2 Identity Server

I am following this guide to allow the users to reset the password using email. The problem is when the user requests a "password reset link" multiple times, the old links generated are not invalidated. (Password can be reset using either the latest link or old links).
Is there any parameter I can set to invalidate the old links?
There is a property file called identity-mgt.properties which you can find in the /repository/conf/identity/ directory.
In this property file, there is a property called Notification.Expire.Time which you could use to set the confirmation code expire time in minutes.
Notification.Expire.Time denotes the expiration time of the confirmation code. Even in a notification recovery scenario a confirmation code is generated. If notification is done via email, the link sent to the user for verification will include the confirmation code. Therefore, once the user clicks that link, the confirmation code will be verified. Thus, you can use this property to validate the link.
Currently, generated confirmation codes will be invalidated only once the user changes his password successfully. So, as you have mentioned, the user will be able to recover his password using any confirmation code he has retrieved. And when the user successfully changes the password, all the confirmation codes generated before that will be invalidated. This is the default behaviour for now and we don't have a configuration to change that.
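The behaviour described in these answers, as an added model that is not WSO2 Identity Server code: codes stay usable until they expire or until a successful password change, and the `invalidate_on_reissue` switch shows the stricter policy the question asks for. The class, the switch and the 5-minute expiry are constructed for illustration; the switch is hypothetical and is not a WSO2 setting.

```python
import secrets
import time


class ConfirmationCodeStore:
    """Toy in-memory model of per-user password-recovery codes."""

    def __init__(self, expire_minutes, invalidate_on_reissue=False):
        self.ttl = expire_minutes * 60       # plays the role of Notification.Expire.Time
        self.invalidate_on_reissue = invalidate_on_reissue
        self.codes = {}                      # code -> (username, issued_at)

    def _drop_user_codes(self, username):
        self.codes = {c: v for c, v in self.codes.items() if v[0] != username}

    def issue(self, username, now=None):
        now = time.time() if now is None else now
        if self.invalidate_on_reissue:
            self._drop_user_codes(username)  # stricter: only the newest link works
        code = secrets.token_urlsafe(32)     # unguessable, single-purpose value
        self.codes[code] = (username, now)
        return code

    def is_valid(self, code, now=None):
        now = time.time() if now is None else now
        entry = self.codes.get(code)
        return entry is not None and now - entry[1] <= self.ttl

    def reset_password(self, code, now=None):
        """Consume a code; on success every code of that user is dropped."""
        if not self.is_valid(code, now):
            return False
        self._drop_user_codes(self.codes[code][0])
        return True


if __name__ == "__main__":
    for strict in (False, True):
        store = ConfirmationCodeStore(5, invalidate_on_reissue=strict)
        old = store.issue("alice", now=0)
        new = store.issue("alice", now=60)
        print("strict" if strict else "default",
              "old link valid:", store.is_valid(old, now=120),
              "new link valid:", store.is_valid(new, now=120))
```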

How to delete an apprequest

According to the documentation I must remove an apprequest when a user has accepted it. There is however a problem with this.
When I accept an apprequest, I will be redirected to my app. But in the url parameters only the apprequestid(s) are included. The userId of the current user is unavailable.
My app doesn't require authentication so I can't access the current users data.
How do I remove the apprequest for this user when I don't have access to the userdata or accesstoken as described here:
The old method of the apprequest allowed me to extract the userid from the requestid. This is not possible anymore.
You have to have authentication to "tamper" with user data - that includes app invitations.
However, with an App Access Token you might be able to delete the post without authenticating your user (you'll still have to acquire their UID - possibly from the signed_request). You can read at this link about app login and how to retrieve the correct access token.

How to handle the scenario "access_token changes when user changes facebook password"

I am able to see from the following link that, if the password changes, the access_token will get invalidated.
http://developers.facebook.com/docs/authentication/
So, how can I identify when a user changes his/her password?
I did not see anything about this in the graph api documentation.
Please help me regarding this.
Thanks,
Gopal.
When access_token is invalidated due to password change, you can no longer make Graph API calls, i.e. Graph API returns an error. You can recognize this error and set a flag in user profile which triggers a notification "Hi Gopal, you have to reconnect your account with FB. To do so, click [here]", where [here] points to the regular FB oauth url (i.e. https://graph.facebook.com/oauth/authorize).
EDIT 14/05/2011: Facebook just released blog entry on this topic: http://developers.facebook.com/blog/post/500
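The error-then-flag flow from this answer, as an added example that is not part of the original post: it reads one Graph API reply, marks the user record for reconnection only when the token itself is invalid, and leaves other errors alone. The profile dict and function name are hypothetical, the sample bodies are constructed, and the error values (type `OAuthException`, code 190, subcodes such as 460 for a password change) are assumed from Facebook's current error documentation rather than taken from this page.

```python
import json

# Graph API error values as documented by Facebook (assumption, see lead-in):
# code 190 = access token no longer valid; error_subcode gives the reason.
TOKEN_INVALID = 190
SUBCODE_REASON = {458: "app removed", 460: "password changed",
                  463: "token expired", 467: "token invalid"}

# Constructed sample replies.
PASSWORD_CHANGED = json.dumps({"error": {
    "message": "constructed sample", "type": "OAuthException",
    "code": 190, "error_subcode": 460}})
RATE_LIMITED = json.dumps({"error": {
    "message": "constructed sample", "type": "OAuthException", "code": 4}})


def handle_graph_response(profile, status, body):
    """Update `profile` from one API reply; return a notification or None."""
    if status == 200:
        profile["needs_reconnect"] = False
        return None
    try:
        err = json.loads(body).get("error", {})
    except (ValueError, AttributeError):
        err = {}                              # not JSON, or not a JSON object
    if not isinstance(err, dict):
        err = {}
    if err.get("type") == "OAuthException" and err.get("code") == TOKEN_INVALID:
        profile["needs_reconnect"] = True
        profile["access_token"] = None        # stop retrying with a dead token
        profile["reconnect_reason"] = SUBCODE_REASON.get(
            err.get("error_subcode"), "unknown")
        return ("Hi %s, you have to reconnect your account with FB."
                % profile["name"])
    return None  # rate limits, outages etc. must not force a re-login


if __name__ == "__main__":
    user = {"name": "Gopal", "access_token": "constructed-token"}
    print(handle_graph_response(user, 400, PASSWORD_CHANGED), user)
```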