On Mon, May 16, 2016 at 10:34 AM, Johann Nallathamby <[email protected]> wrote:
>
> On Mon, May 16, 2016 at 10:25 AM, Isura Karunaratne <[email protected]> wrote:
>
>> Hi,
>>
>> We are planning to expose recovery APIs in IS 5.3.0 as REST APIs. And
>> also, we are trying to reduce the complexity and improve the performance in
>> existing recovery Java APIs as well.
>>
>> Currently, we have two ways of password recovery methods,
>>
>> - Recover with a notification
>> - Recover with secret questions.
>>
>> *Recover with a notification*
>>
>> It is required to go through following sequences to recover password
>> using an email in existing APIs
>>
>> *getCaptcha*() - Generates a captcha.
>> *verifyUser*() - Validates the captcha answer and username and returns
>> a new key.
>> *sendRecoveryNotification*() - Send an email notification with a
>> confirmation code to the user. Need to provide the key from the previous
>> call.
>> *getCaptcha*() - Generates a captcha when the user clicks on the URL.
>> *verifyConfirmationCode*() - Validates the captcha answer and
>> confirmation code. This returns a key.
>> *updatePassword* - Updates the password in the system. Need to provide
>> the key from the previous call, new password and returns the status of the
>> update, true or false.
>>
>> *Recover with Secret Questions*
>>
>> It is required to go through following sequences to recover password
>> using secret questions in existing APIs
>>
>> *getCaptcha*() - Generates a captcha.
>> *verifyUser*() - Validates the captcha answer and username and returns
>> a new key.
>> *getUserChallengeQuestionIds*() - Retrieve the claim URI IDs specified
>> for the user with the generated key. Need to provide the key from the
>> previous call.
>> *getUserChallengeQuestion*() - Retrieve the user’s challenge question
>> for the specified claim URI ID from the previous call. Need to provide the
>> key from the previous call.
>> *verifyUserChallengeAnswer*() - Validates the answer and confirmation
>> code for the specified question. Need to provide the key from the previous
>> call.
>> *updatePassword*() - Updates the password in the system. Need to
>> provide the key from the previous call, the new password and return the
>> status of the update, i.e. true or false.
>>
>> Currently, we are using kaptcha as the captcha generation engine and in
>> IS 5.3.0 we are planning to support reCaptcha[1] instead of kaptcha.
>>
>> In both of above recovery scenarios,
>>
>> If we manage captcha validation internally, captcha validation is tightly
>> coupled with the recovery sequences. In 5.3.0, we are planning to decouple
>> the captcha validation with recovery APIs.
>> So, captcha validation should be done by the application.
>>
>
> In IS 5.3.0 by application I guess you also mean the account recovery
> webapp which will be shipped with IS for OOTB account recovery. So
> basically the captcha validation would happen between the user recovery
> webapp and the re-captcha service instead of coming to our backend service
> APIs. Right?
>

Yes.

Thanks
Isura

>> WDYT?
>>
>> Thanks
>> Isura
>>
>> [1] https://www.google.com/recaptcha/intro/index.html
>> --
>> Isura Dilhara Karunaratne
>> Senior Software Engineer
>>
>> Mob +94 772 254 810
>>
>
> --
> Thanks & Regards,
>
> *Johann Dilantha Nallathamby*
> Technical Lead & Product Lead of WSO2 Identity Server
> Governance Technologies Team
> WSO2, Inc.
> lean.enterprise.middleware
>
> Mobile - *+94777776950*
> Blog - http://nallaa.wordpress.com
>

--
Isura Dilhara Karunaratne
Senior Software Engineer

Mob +94 772 254 810
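
The arrangement agreed above, where the recovery webapp rather than the backend recovery API validates the captcha, sketched as an added example that is not part of the thread or of WSO2's code. `EXPECTED_HOST`, `MAX_AGE`, `verify` and `recovery_api` are assumptions made for illustration; `success`, `hostname` and `challenge_ts` are fields of the reCAPTCHA siteverify response.

```python
import json
from datetime import datetime, timedelta, timezone

# Real reCAPTCHA verification endpoint; the webapp POSTs `secret` and `response` to it.
SITEVERIFY_URL = "https://www.google.com/recaptcha/api/siteverify"
EXPECTED_HOST = "recovery.example.com"  # assumption: host serving the recovery webapp
MAX_AGE = timedelta(minutes=2)          # example policy: reject older solves


def captcha_passed(siteverify_body, now):
    """Return True only if the siteverify response body allows the request."""
    try:
        body = json.loads(siteverify_body)
    except (ValueError, TypeError):
        return False                    # fail closed on an unparsable response
    if not isinstance(body, dict) or body.get("success") is not True:
        return False
    if body.get("hostname") != EXPECTED_HOST:
        return False                    # token was solved on a different site
    try:
        ts = body["challenge_ts"].replace("Z", "+00:00")
        solved = datetime.fromisoformat(ts)
    except (KeyError, ValueError, AttributeError, TypeError):
        return False
    if solved.tzinfo is None:
        return False
    return timedelta(0) <= now - solved <= MAX_AGE


def start_recovery(username, captcha_token, verify, recovery_api, now):
    """Webapp handler: reach the backend only after the captcha check passes.

    verify(token) returns the siteverify response body (hypothetical transport hook).
    recovery_api(username) is a hypothetical stand-in for the backend recovery call.
    """
    if not captcha_token or not captcha_passed(verify(captcha_token), now):
        return "captcha_failed"         # backend is never contacted
    recovery_api(username)
    return "accepted"


if __name__ == "__main__":
    # Constructed sample response, not captured from a real service.
    now = datetime(2016, 5, 16, 5, 5, tzinfo=timezone.utc)
    ok = json.dumps({"success": True, "challenge_ts": "2016-05-16T05:04:30Z",
                     "hostname": EXPECTED_HOST})
    print(start_recovery("alice", "token", lambda t: ok, print, now))
```

With the captcha check moved out of the backend, this handler is the only place it is enforced, so any other client that can reach the recovery API directly bypasses it.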
