On Wednesday, March 15, 2017, Dilan Udara Ariyaratne <[email protected]> wrote:
> > On Tue, Mar 14, 2017 at 11:08 AM, Gayan Gunawardana <[email protected] > <javascript:_e(%7B%7D,'cvml','[email protected]');>> wrote: > >> >> >> On Tue, Mar 14, 2017 at 10:58 AM, Hasanthi Purnima Dissanayake < >> [email protected] <javascript:_e(%7B%7D,'cvml','[email protected]');>> >> wrote: >> >>> Hi all, >>> >>> We are in the process of implementing Admin Forced Password Reset via >>> Offline for existing users in Admin Portal for the new IS 6.0.0 release. >>> The wireframe design for the UI is found at [1]. >>> >>> Admin can select a user and generate a password for the selected user. >>> This generated password is an OTP. >>> >>> This OTP is: >>> 1. Not adhere to any password policy. >>> 2. There is no validity period >>> 3. Once this OTP is used it expires. >>> 4. Not considered like a normal password and we are going to store it in >>> IDN_RECOVERY_DATA table. >>> >> If admin generates two or more OTPs, what is the behavior ? >> All valid or last one valid ? >> Suppose there is two and we consume only first one, in that case does it >> invalidate second one ? >> > > Why should we allow multiple OTPs for a particular user at a given time ? > Cannot we keep only one valid OTP for a user at a given time and override > it at the point of creating a new one ? > I too have the same concern. What is the idea behind allowing multiple OTPs at any point of time? Isn't the usual practice to keep only the latest OTP active? > >>> [1] https://github.com/wso2-dev-ux/product-is/blob/master/Wirefr >>> ames/admin-portal/v3/3.32%20%20Reset%20password%20with%20off >>> line%20OTP%20-%20password%20generated.png >>> >>> Thanks, >>> >>> Hasanthi Dissanayake >>> >>> Software Engineer | WSO2 >>> >>> E: [email protected] <javascript:_e(%7B%7D,'cvml','[email protected]');> >>> M :0718407133| http://wso2.com <http://wso2.com/> >>> >> >> >> >> -- >> Gayan Gunawardana >> Software Engineer; WSO2 Inc.; http://wso2.com/ >> Email: [email protected] <javascript:_e(%7B%7D,'cvml','[email protected]');> >> Mobile: +94 (71) 8020933 >> >> _______________________________________________ >> Architecture mailing list >> [email protected] >> <javascript:_e(%7B%7D,'cvml','[email protected]');> >> https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture >> >> > -- *A.Farasath Ahamed* Software Engineer | WSO2 Inc. Mobile: +94 777 603 866 Blog: blog.farazath.com E-Mail: [email protected]
_______________________________________________ Architecture mailing list [email protected] https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
