REST API to update user passwords (after password expiry) without old password

This topic contains 2 replies, has 2 voices, and was last updated by  Ash 3 days, 22 hours ago.

  • Author
    Posts
  • #21844
     Ash 
    Participant

    I want to understand if there is a possibility in OpenAM or OpenIDM where a REST API call can be made to set a user’s new password after his password expires.

    There is an option in forgot password API that would utilize the token from email to reset a user’s password without asking for current or existing password.

    I want to implement a similar workflow through user self-service that allows user to login first and if the password is expired, prompts them to reset their passwords (current worflow asks user to enter “old password” first).

    I believe an admin will have sufficient rights to be able to call such API to reset without knowledge of the user’s old password. Can a similar flow be implemented as a self service?

    Appreciate any help.

    #21846
     Andy Cory 
    Participant

    Hi Ash

    Have you considered using a custom authentication module for this? Given your description says that the user logs in first, and then you want to check if the password is expired and prompt the user to take action, it would seem to fit the functionality of an authentication module.

    -Andy

    #21868
     Ash 
    Participant

    Hi Andy,

    Thank you for your response. I haven’t tried custom Authentication module but change password can be assumed to be something similar to an “Update Identity” API call right? That presumably will require Admin token to process the change of password. I was wondering if a self-service UI can implement the same functionality without the requirement of Admin token.

    Custom Authentication Module documentation is very limited on FR so I’m not sure how to implement this feature using Authen module. Can you direct me to any blog that can be of help?

    Appreciate your help.

    Thanks,
    Ash.

Viewing 3 posts - 1 through 3 (of 3 total)

You must be logged in to reply to this topic.

©2018 ForgeRock - we provide an identity and access platform to secure every online relationship for the enterprise market, educational sector and even entire countries. Click to view our privacy policy and terms of use.

Log in with your credentials

Forgot your details?