Identity Management Recovery API improvements

In Identity Server 5.3.0, we are going to implement the Identity Management recovery APIs as REST resources. In the current implementations of IS 5.0.0 and IS 5.1.0 we have SOAP APIs for the recovery scenarios [1].

Captcha validation is coupled with the recovery flows in the existing SOAP API implementation, and we have improved the Java API to decouple the captcha validation from the recovery flows in the new implementations [4].

Existing SOAP APIs

Recover with Notification [2]
 - getCaptcha() - Generates a captcha.
 - verifyUser() - Validates the captcha answer and username and returns a new key.
 - sendRecoveryNotification() - Sends an email notification with a confirmation code to the user. Need to provide the key from the previous call.
 - getCaptcha() - Generates a captcha when the user clicks on the URL.
 - verifyConfirmationCode() - Validates the captcha answer and confirmation code. This returns a key.
 - updatePassword() - Updates the password in the system. Need to provide the key from the previous call and the new password; returns the status of the update, true or false.

Recover with Secret Questions [3]
 - getCaptcha() - Generates a captcha.
 - verifyUser() - Validates the captcha answer and username and returns a new key.
 - getUserChallengeQuestionIds() - Retrieves the claim URI IDs specified for the user with the generated key. Need to provide the key from the previous call.
 - getUserChallengeQuestion() - Retrieves the user's challenge question for the specified claim URI ID from the previous call. Need to provide the key from the previous call.
 - verifyUserChallengeAnswer() - Validates the answer and confirmation code for the specified question. Need to provide the key from the previous call.
 - updatePassword() - Updates the password in the system. Need to provide the key from the previous call and the new password; returns the status of the update, i.e. true or false.

New APIs

Recover with Notification
 - sendRecoveryNotification() : validates the user and returns a new key through a notification.
 - updatePassword() : Updates the password in the system. Need to provide the key from the notification and the new password.

Recover with Secret Questions
 - intiateUserChallengeQuestion() : validates the user and returns a question to answer, with a secret code.
 - verifyUserChallengeAnswer() : validates the secret code and the answer for the question in the previous step. Returns a new question with a new secret until the minimum number of questions are answered.
 - updatePassword() : Updates the password in the system. Need to provide the key from the notification and the new password.

New APIs for Multiple Questions at once
 - getAllChallegeQuestions() : validates the user and returns all questions to answer, with a secret code.
 - validateAllChallengeAnswers() : validates the code and all answers and returns a code on success.
 - updatePassword() : Updates the password in the system. Need to provide the key from the notification and the new password.

[1] https://docs.wso2.com/display/IS510/Password+Recovery
[2] https://docs.wso2.com/display/IS510/Password+Recovery#PasswordRecovery-Recoveryusingnotifications
[3] https://docs.wso2.com/display/IS510/Password+Recovery#PasswordRecovery-Recoveryusingchallengequestions
[4] [Architecture] Decouple captcha validation from Recovery flows

Sample Requests

Send Email Notification

POST /accountrecovery/rest/notification/notify
<https://localhost:9443/accountrecovery/rest/notification/notify>

Request Body
{
  "userName": "testuser",
  "tenantDomain": "carbon.super",
  "userStoreDomain": "PRIMARY"
}

If notifications are internally managed,

Response Body
HTTP 200

If notifications are externally managed,

Response Body
{
  "user": {
    "userName": "testuser",
    "userStoreDomain": "PRIMARY",
    "tenantDomain": "carbon.super"
  },
  "key": "f75da810-3478-47f4-80e5-c37556392015"
}

Reset Password

PUT /accountrecovery/rest/notification/reset_password

Request Body
{
  "user": {
    "userName": "test",
    "userStoreDomain": "PRIMARY",
    "tenantDomain": "carbon.super"
  },
  "code": "e4d6041b-2ea7-4dc1-9ae2-b8e9686e1d12",
  "password": "12345"
}

Response Body
HTTP 200

Initiate User Challenge Question

PUT /accountrecovery/rest/questions/initiate

Request Body
{
  "userName": "admin",
  "userStoreDomain": "PRIMARY",
  "tenantDomain": "carbon.super"
}

Response Body
{
  "question": "City where you were born ?",
  "questionSetId": "http://wso2.org/claims/challengeQuestion1",
  "code": "786f63b6-d0b7-4bd7-991e-12e97e4602e3",
  "status": "INCOMPLETE"
}

Validate User Challenge Question

POST /accountrecovery/security_questions_response

Request Body
{
  "user": {
    "userName": "admin",
    "userStoreDomain": "PRIMARY",
    "tenantDomain": "carbon.super"
  },
  "key": "12454125-15145-45554155",
  "code": "fbc8e9e0-e6fd-4a75-8502-f03e5836930f",
  "answer": "colombo"
}

Response Body
{
  "question": "what is your favourite food ?",
  "questionSetId": "http://wso2.org/claims/challengeQuestion2",
  "code": "786f63b6-d0b7-4bd7-991e-12e97e4602e3",
  "status": "INCOMPLETE"
}

This should be repeated until the status becomes COMPLETE.

Response Body
{
  "status": "COMPLETE",
  "key": "3225d2dd-f5fa-44ca-9aa1-d1c32748b569"
}

Thanks
Isura

--
Isura Dilhara Karunaratne
Senior Software Engineer
Mob +94 772 254 810
_______________________________________________ Architecture mailing list [email protected] https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
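The challenge-question flow sketched in the mail (initiate, answer with the step's code, repeat until the status is COMPLETE, then reset the password with the returned key) is easy to get subtly wrong on the server side: codes that can be replayed, keys that survive a first reset, answers compared as plaintext, or an initiate endpoint that reveals which usernames exist. The following in-memory model, added here as an illustration and not WSO2 Identity Server code, plays both sides of that exchange. The user data, MIN_ANSWERS, the code lifetime, the failure budget, the password length check and the method names are all assumptions; it also models only the per-step "code" and ignores the separate "key" field shown in the sample request body.

```python
import hashlib
import hmac
import secrets
import time

# Constructed sample data (not from the mail): username -> list of
# (questionSetId, question, answer). A real service reads these from the user store.
USERS = {
    "admin": [
        ("http://wso2.org/claims/challengeQuestion1", "City where you were born ?", "colombo"),
        ("http://wso2.org/claims/challengeQuestion2", "what is your favourite food ?", "rice and curry"),
    ],
}
MIN_ANSWERS = 2          # assumed: questions that must be answered before a key is issued
CODE_TTL_SECONDS = 300   # assumed: lifetime of a per-step code
MAX_FAILURES = 3         # assumed: wrong answers tolerated per recovery attempt
MIN_PASSWORD_LEN = 8     # assumed: minimal password policy applied at reset time


def _digest(answer: str) -> bytes:
    """Normalize and hash an answer so only digests are stored and compared."""
    return hashlib.sha256(answer.strip().lower().encode("utf-8")).digest()


class RecoveryService:
    """Hypothetical in-memory model of /questions/initiate,
    /security_questions_response and /notification/reset_password."""

    def __init__(self, users, now=time.time):
        self._users = {u: [(qid, q, _digest(a)) for qid, q, a in qs] for u, qs in users.items()}
        self._now = now
        self._sessions = {}     # code -> per-attempt state; a code is valid for one call
        self._keys = {}         # key -> username; a key is valid for one password reset
        self.reset_users = []   # usernames whose password was reset (stands in for the user store)

    def _issue_code(self, state):
        code = secrets.token_urlsafe(24)
        state["exp"] = self._now() + CODE_TTL_SECONDS
        self._sessions[code] = state
        return code

    def _question_response(self, state, error=None):
        qid, question, _ = self._users[state["user"]][state["next"]]
        resp = {"question": question, "questionSetId": qid,
                "code": self._issue_code(state), "status": "INCOMPLETE"}
        if error:
            resp["error"] = error
        return resp

    def initiate(self, user):
        """PUT /accountrecovery/rest/questions/initiate"""
        name = user["userName"]
        # Same response for unknown users and for users without enough questions,
        # so the endpoint does not confirm which accounts exist.
        if len(self._users.get(name, [])) < MIN_ANSWERS:
            return {"status": "ERROR"}
        return self._question_response({"user": name, "next": 0, "answered": 0, "failures": 0})

    def answer(self, code, user, answer):
        """POST /accountrecovery/security_questions_response"""
        state = self._sessions.pop(code, None)   # consumed whether or not the answer is right
        if state is None or state["exp"] < self._now() or state["user"] != user["userName"]:
            return {"status": "ERROR"}
        _, _, expected = self._users[state["user"]][state["next"]]
        if not hmac.compare_digest(expected, _digest(answer)):
            state["failures"] += 1
            if state["failures"] >= MAX_FAILURES:
                return {"status": "ERROR"}   # attempt abandoned; the client must re-initiate
            return self._question_response(state, error="INVALID_ANSWER")  # same question, new code
        state["next"] += 1
        state["answered"] += 1
        if state["answered"] < MIN_ANSWERS:
            return self._question_response(state)
        key = secrets.token_urlsafe(24)
        self._keys[key] = state["user"]
        return {"status": "COMPLETE", "key": key}

    def reset_password(self, user, key, password):
        """PUT /accountrecovery/rest/notification/reset_password; True stands for HTTP 200."""
        owner = self._keys.pop(key, None)   # single use, even when the reset is rejected
        if owner is None or owner != user["userName"] or len(password) < MIN_PASSWORD_LEN:
            return False
        self.reset_users.append(owner)     # the real service updates the user store here
        return True
```

The properties worth checking against a real implementation are the ones this model enforces by construction: every code is accepted exactly once and only from the user it was issued to, a wrong answer re-asks the same question under a fresh code and burns one of a small number of attempts, the key appears only after MIN_ANSWERS correct answers, and the key is invalidated on its first use whether or not the reset succeeds.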
