Hi Isura,

I have a few suggestions.

[1] At the end of both flows (Recover with Notification, Recover with
Secret Questions), is it possible to send a notification (acknowledgment) to
the end user to inform them about the password update? This will give a good
experience to the end user, and on the other hand the biggest problem with
"Recover with Secret Questions" is that someone else can guess the answers to
the security questions, so sending a notification at the end of password
recovery is important.

[2] How can we support custom flows? For example:

intiateUserChallengeQuestion()
verifyUserChallengeAnswer()
sendRecoveryNotification()
updatePassword()

[3] What are the extension points we have for this implementation? For
example, instead of sending the recovery notification via email, the user
needs to enter a PIN which is sent to their mobile.

Thanks,
Gayan


On Thu, Jun 9, 2016 at 11:06 AM, Isura Karunaratne <[email protected]> wrote:

> Hi,
>
> On Thu, Jun 9, 2016 at 10:53 AM, Harsha Thirimanna <[email protected]>
> wrote:
>
>> Hi Isura,
>>
>> Any detail about the error response with relevant error codes ?
>>
>
> We have developed error codes for the relevant error scenarios; I will update
> the docs with the error codes.
>
>
>>
>>
>>
>> *Harsha Thirimanna*
>> Associate Tech Lead; WSO2, Inc.; http://wso2.com
>> email: [email protected]  cell: +94 71 5186770
>> twitter: http://twitter.com/
>> linked-in: http://www.linkedin.com/pub/harsha-thirimanna/10/ab8/122
>>
>> *Lean . Enterprise . Middleware*
>>
>>
>> On Thu, Jun 9, 2016 at 10:46 AM, Dilan Udara Ariyaratne <[email protected]>
>> wrote:
>>
>>> Hi Isura,
>>>
>>> According to the REST API Guidelines that we have defined across all the
>>> products, the following suggestions can be made regarding the resource
>>> paths that you have proposed.
>>>
>>> [1] Base-path "accountrecovery" has two words in it and they can be
>>> separated by a dash, i.e. as "account-recovery".
>>> [2] It seems that path "rest" does not make any sense as a resource, so
>>> it can be removed.
>>> [3] Also, all the underscore signs included in processing functions
>>> like "reset_password" and resource paths like "security_questions_response"
>>> could be replaced with a dash (-).
>>>
>>
> Thanks for the information. I will modify the APIs based on your suggestions.
>
> Thanks
> Isura
>
>>
>>> Regards,
>>> Dilan.
>>>
>>> *Dilan U. Ariyaratne*
>>> Senior Software Engineer
>>> WSO2 Inc. <http://wso2.com/>
>>> Mobile: +94766405580
>>> lean . enterprise . middleware
>>>
>>>
>>> On Wed, Jun 8, 2016 at 1:02 PM, Isura Karunaratne <[email protected]>
>>> wrote:
>>>
>>>> Identity Management Recovery API improvements.
>>>>
>>>> In Identity Server 5.3.0, we are going to implement the Identity Management
>>>> recovery APIs as REST resources. In the current implementations of IS 5.0.0
>>>> and IS 5.1.0 we have SOAP APIs for the recovery scenarios [1].
>>>>
>>>> Captcha validation is coupled with the recovery flows in the existing SOAP
>>>> API implementation, and we have improved the Java API to decouple the
>>>> captcha validation from the recovery flows in the new implementation [4].
>>>> Existing SOAP APIs
>>>>
>>>> Recover with Notification [2]
>>>>
>>>>    - getCaptcha() - Generates a captcha.
>>>>    - verifyUser() - Validates the captcha answer and username and returns a
>>>>      new key.
>>>>    - sendRecoveryNotification() - Sends an email notification with a
>>>>      confirmation code to the user. Need to provide the key from the
>>>>      previous call.
>>>>    - getCaptcha() - Generates a captcha when the user clicks on the URL.
>>>>    - verifyConfirmationCode() - Validates the captcha answer and
>>>>      confirmation code. This returns a key.
>>>>    - updatePassword() - Updates the password in the system. Need to provide
>>>>      the key from the previous call and the new password; returns the
>>>>      status of the update, true or false.
>>>>
>>>> Recover with Secret Questions [3]
>>>>
>>>>    - getCaptcha() - Generates a captcha.
>>>>    - verifyUser() - Validates the captcha answer and username and returns a
>>>>      new key.
>>>>    - getUserChallengeQuestionIds() - Retrieves the claim URI IDs specified
>>>>      for the user with the generated key. Need to provide the key from the
>>>>      previous call.
>>>>    - getUserChallengeQuestion() - Retrieves the user's challenge question
>>>>      for the specified claim URI ID from the previous call. Need to provide
>>>>      the key from the previous call.
>>>>    - verifyUserChallengeAnswer() - Validates the answer and confirmation
>>>>      code for the specified question. Need to provide the key from the
>>>>      previous call.
>>>>    - updatePassword() - Updates the password in the system. Need to provide
>>>>      the key from the previous call and the new password; returns the
>>>>      status of the update, i.e. true or false.
>>>>
>>>> New APIs
>>>>
>>>> Recover with Notification
>>>>
>>>>    - sendRecoveryNotification(): validates the user and returns a new key
>>>>      through a notification.
>>>>    - updatePassword(): updates the password in the system. Need to provide
>>>>      the key from the notification and the new password.
>>>>
>>>> Recover with Secret Questions
>>>>
>>>>    - intiateUserChallengeQuestion(): validates the user and returns a
>>>>      question to answer, with a secret code.
>>>>    - verifyUserChallengeAnswer(): validates the secret code and the answer
>>>>      to the question from the previous step. Returns a new question with a
>>>>      new secret until the minimum number of questions has been answered.
>>>>    - updatePassword(): updates the password in the system. Need to provide
>>>>      the key from the notification and the new password.
>>>>
>>>> New APIs for Multiple Questions at once
>>>>
>>>>    - getAllChallegeQuestions(): validates the user and returns all
>>>>      questions to answer, with a secret code.
>>>>    - validateAllChallengeAnswers(): validates the code and all answers and
>>>>      returns a code on success.
>>>>    - updatePassword(): updates the password in the system. Need to provide
>>>>      the key from the notification and the new password.
>>>>
>>>> [1] https://docs.wso2.com/display/IS510/Password+Recovery
>>>> [2] https://docs.wso2.com/display/IS510/Password+Recovery#PasswordRecovery-Recoveryusingnotifications
>>>> [3] https://docs.wso2.com/display/IS510/Password+Recovery#PasswordRecovery-Recoveryusingchallengequestions
>>>> [4] [Architecture] Decouple capcha validation from Recovery flows
>>>>
>>>> Sample Requests
>>>>
>>>> Send Email Notification
>>>>
>>>> POST accountrecovery/rest/notification/notify
>>>> (https://localhost:9443/accountrecovery/rest/notification/notify)
>>>>
>>>> Request Body
>>>>
>>>> {
>>>>   "userName": "testuser",
>>>>   "tenantDomain": "carbon.super",
>>>>   "userStoreDomain": "PRIMARY"
>>>> }
>>>>
>>>> If notifications are internally managed,
>>>>
>>>> Response Body
>>>>
>>>> HTTP 200
>>>>
>>>> If notifications are externally managed,
>>>>
>>>> Response Body
>>>>
>>>> {
>>>>   "user": {
>>>>     "userName": "testuser",
>>>>     "userStoreDomain": "PRIMARY",
>>>>     "tenantDomain": "carbon.super"
>>>>   },
>>>>   "key": "f75da810-3478-47f4-80e5-c37556392015"
>>>> }
>>>>
>>>> *Reset Password.*
>>>>
>>>> PUT /accountrecovery/rest/notification/reset_password
>>>>
>>>> Request Body
>>>>
>>>> {
>>>>   "user": {
>>>>     "userName": "test",
>>>>     "userStoreDomain": "PRIMARY",
>>>>     "tenantDomain": "carbon.super"
>>>>   },
>>>>   "code": "e4d6041b-2ea7-4dc1-9ae2-b8e9686e1d12",
>>>>   "password": "12345"
>>>> }
>>>>
>>>> Response Body
>>>>
>>>> HTTP 200
>>>>
>>>> Initiate User Challenge Question
>>>>
>>>> PUT /accountrecovery/rest/questions/initiate
>>>>
>>>> Request Body
>>>>
>>>> {
>>>>   "userName": "admin",
>>>>   "userStoreDomain": "PRIMARY",
>>>>   "tenantDomain": "carbon.super"
>>>> }
>>>>
>>>> Response body
>>>>
>>>> {
>>>>   "question": "City where you were born ?",
>>>>   "questionSetId": "http://wso2.org/claims/challengeQuestion1",
>>>>   "code": "786f63b6-d0b7-4bd7-991e-12e97e4602e3",
>>>>   "status": "INCOMPLETE"
>>>> }
>>>>
>>>> Validate User Challenge Question
>>>>
>>>> POST /accountrecovery/security_questions_response
>>>>
>>>> Request Body
>>>>
>>>> {
>>>>   "user": {
>>>>     "userName": "admin",
>>>>     "userStoreDomain": "PRIMARY",
>>>>     "tenantDomain": "carbon.super"
>>>>   },
>>>>   "key": "12454125-15145-45554155",
>>>>   "code": "fbc8e9e0-e6fd-4a75-8502-f03e5836930f",
>>>>   "answer": "colombo"
>>>> }
>>>>
>>>> Response body
>>>>
>>>> {
>>>>   "question": "what is your favourite food ?",
>>>>   "questionSetId": "http://wso2.org/claims/challengeQuestion2",
>>>>   "code": "786f63b6-d0b7-4bd7-991e-12e97e4602e3",
>>>>   "status": "INCOMPLETE"
>>>> }
>>>>
>>>> This should be repeated until the status becomes COMPLETE.
>>>>
>>>> Response body
>>>>
>>>> {
>>>>   "status": "COMPLETE",
>>>>   "key": "3225d2dd-f5fa-44ca-9aa1-d1c32748b569"
>>>> }
>>>>
>>>> Thanks
>>>> Isura
>>>>
>>>>
>>>> --
>>>> Isura Dilhara Karunaratne
>>>> Senior Software Engineer
>>>>
>>>> Mob +94 772 254 810
>>>>
>>>>
>>>> _______________________________________________
>>>> Architecture mailing list
>>>> [email protected]
>>>> https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
>>>>
>>>>
>>>
>>>
>>>
>>
>>
>>
>
>
> --
> Isura Dilhara Karunaratne
> Senior Software Engineer
>
> Mob +94 772 254 810
>
>
>
>


-- 
Gayan Gunawardana
Software Engineer; WSO2 Inc.; http://wso2.com/
Email: [email protected]
Mobile: +94 (71) 8020933
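The "Recover with Secret Questions" flow proposed in the thread above (initiate, answer until the status is COMPLETE, then update the password), modelled end to end in Python as an added example. This is not WSO2 Identity Server code and is not from any participant in the thread; the policy constants (MIN_QUESTIONS, MAX_FAILURES, STEP_TTL), the answer normalisation, the per-step one-time codes, the lock-out, and the notify hook that implements the end-of-flow acknowledgment Gayan asks for are all assumptions made for this example. The user, questions and answers used below are constructed.

```python
"""In-memory model of the challenge-question account-recovery flow.

Illustrative code only (not WSO2 Identity Server's implementation); the policy
constants, answer normalisation, one-time codes and notify hook are assumptions.
"""
import hashlib
import hmac
import secrets
import time

MIN_QUESTIONS = 2   # correct answers needed before a reset key is issued (assumed policy)
MAX_FAILURES = 3    # failed steps before recovery is refused for the user (assumed policy)
STEP_TTL = 300      # seconds a step code or reset key stays valid (assumed policy)


class RecoveryError(Exception):
    """One generic error so a caller cannot learn *why* a step was rejected."""


def _hash_answer(answer, salt):
    # Normalise case and whitespace so "Colombo " matches "colombo", then PBKDF2 so
    # stored answers are not directly readable if the user store leaks.
    norm = " ".join(answer.lower().split()).encode()
    return hashlib.pbkdf2_hmac("sha256", norm, salt, 20_000)


class RecoveryService:
    def __init__(self, users, notify, clock=time.time):
        # users: {username: {"password": str, "questions": [(setId, text, answer), ...]}}
        self.users = {}
        for name, rec in users.items():
            salt = secrets.token_bytes(16)
            self.users[name] = {
                "password": rec["password"],
                "salt": salt,
                "questions": [(sid, q, _hash_answer(a, salt)) for sid, q, a in rec["questions"]],
            }
        self._notify = notify          # called once the password has actually changed
        self._clock = clock            # injectable so expiry can be tested
        self._sessions = {}            # step code -> {"user", "pending", "answered", "expires"}
        self._reset_keys = {}          # reset key -> {"user", "expires"}
        self._failures = {}            # username  -> failed steps since last success

    def _reject(self, username):
        self._failures[username] = self._failures.get(username, 0) + 1
        raise RecoveryError("recovery step rejected")

    def _next_step(self, session):
        # Every response carries a fresh single-use code; the previous one is already gone.
        code = secrets.token_urlsafe(32)
        session["expires"] = self._clock() + STEP_TTL
        self._sessions[code] = session
        set_id, question, _ = session["pending"][0]
        return {"question": question, "questionSetId": set_id, "code": code, "status": "INCOMPLETE"}

    def initiate(self, username):
        user = self.users.get(username)
        if (user is None or len(user["questions"]) < MIN_QUESTIONS
                or self._failures.get(username, 0) >= MAX_FAILURES):
            raise RecoveryError("recovery step rejected")   # same error for unknown and locked users
        pending = list(user["questions"])
        secrets.SystemRandom().shuffle(pending)             # do not always lead with the same question
        return self._next_step({"user": username, "pending": pending, "answered": 0})

    def answer(self, username, code, answer):
        session = self._sessions.pop(code, None)            # consumed even if the answer is wrong
        if session is None or session["user"] != username or self._clock() > session["expires"]:
            self._reject(username)
        _, _, expected = session["pending"][0]
        given = _hash_answer(answer, self.users[username]["salt"])
        if not hmac.compare_digest(given, expected):        # constant-time comparison
            self._reject(username)
        session["pending"].pop(0)
        session["answered"] += 1
        if session["answered"] < MIN_QUESTIONS:
            return self._next_step(session)
        key = secrets.token_urlsafe(32)
        self._reset_keys[key] = {"user": username, "expires": self._clock() + STEP_TTL}
        return {"status": "COMPLETE", "key": key}

    def update_password(self, username, key, new_password):
        entry = self._reset_keys.pop(key, None)             # reset key is single use
        if entry is None or entry["user"] != username or self._clock() > entry["expires"]:
            raise RecoveryError("recovery step rejected")
        self.users[username]["password"] = new_password
        self._failures.pop(username, None)
        # Acknowledge out of band so the real owner notices if someone else guessed the answers.
        self._notify(username, "Your password was changed via account recovery.")
        return True


def recover(service, username, answers):
    """Client side of the exchange: answer questions until COMPLETE and return the reset key."""
    step = service.initiate(username)
    while step["status"] == "INCOMPLETE":
        step = service.answer(username, step["code"], answers[step["questionSetId"]])
    return step["key"]
```

Points this model makes explicit that the JSON samples in the thread do not: each step response rotates the code and the previous one is consumed even on a wrong answer, so a captured code cannot be replayed; the reset key is bound to the user, expires, and is single use; every rejection raises the same RecoveryError, so the API does not reveal which check failed (including whether the user exists or is locked); and the acknowledgment notification is sent only after the password has actually changed.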