Hi, As I am working on fixing https://wso2.org/jira/browse/IDENTITY-5284, in the user-name recovery UI we have below two options.
1. Making First name, Last name and Email mandatory in the recovery UI 2. Keep them optional and validate at the back-end only if fields are provided by the client. What is the preferred behavior from above considering UX? Further, backend recovery API doesn't validate First name, Last name and Email claims as mandatory and tries to find a user based on *provided claim* values. [1] As of now, this validation returns user-name whenever a matching user is found based on order of claims. It doesn't consider all the claims. >From the client webapp it filter out First name, Last name and Email claims for user-name recovery along with any other mandatory claims in the system. [1] https://github.com/wso2-extensions/identity-governance/blob/master/components/org.wso2.carbon.identity.recovery/src/main/java/org/wso2/carbon/identity/recovery/username/NotificationUsernameRecoveryManager.java#L182 <https://www.google.com/url?q=https%3A%2F%2Fgithub.com%2Fwso2-extensions%2Fidentity-governance%2Fblob%2Fmaster%2Fcomponents%2Forg.wso2.carbon.identity.recovery%2Fsrc%2Fmain%2Fjava%2Forg%2Fwso2%2Fcarbon%2Fidentity%2Frecovery%2Fusername%2FNotificationUsernameRecoveryManager.java%23L182&sa=D&sntz=1&usg=AFQjCNFVaciYduqr0Q10LuUHi2K7hx62yA> [2] https://github.com/wso2/carbon-identity-framework/blob/master/components/identity-mgt/org.wso2.carbon.identity.mgt.endpoint/src/main/webapp/username-recovery.jsp#L45 <https://www.google.com/url?q=https%3A%2F%2Fgithub.com%2Fwso2%2Fcarbon-identity-framework%2Fblob%2Fmaster%2Fcomponents%2Fidentity-mgt%2Forg.wso2.carbon.identity.mgt.endpoint%2Fsrc%2Fmain%2Fwebapp%2Fusername-recovery.jsp%23L45&sa=D&sntz=1&usg=AFQjCNGG3uBbYgcQQzHySILythLgJ8I9yw> Regards, -Ayesha On Thu, Oct 27, 2016 at 8:39 PM, Ayesha Dissanayaka <[email protected]> wrote: > Yes. It is not a good user experience to be able to send random email > address and still be able to recover information. > > Created bug jira https://wso2.org/jira/browse/IDENTITY-5284. > > On Thu, Oct 27, 2016 at 6:57 PM, Johann Nallathamby <[email protected]> > wrote: > >> Then we need to open a "Bug" jira and fix it IMO :). The current one can >> be left as an improvement for future to dynamically decide to show claims >> to uniquely identify the user. >> >> On Thu, Oct 27, 2016 at 6:15 PM, Ayesha Dissanayaka <[email protected]> >> wrote: >> >>> >>> On Thu, Oct 27, 2016 at 6:07 PM, Johann Nallathamby <[email protected]> >>> wrote: >>> >>>> But then at least we have to make sure all the fields that we show are >>>> validated. Otherwise as pointed out in the first mail it is confusing for >>>> the user right? Are the claims configurable? All the claims we show in the >>>> UI must be validated or we must not show them IMO. >>>> >>> >>> Agreed with Johan. >>> Same as I mentioned in Jira, >>> >>> "As of now if one entry is enough to identify a user in the user stores, >>> others get discarded. Instead it should ask for more information from user >>> on demand manner or should validate all the entry values at once." >>> >>> -- >>> *Ayesha Dissanayaka* >>> Software Engineer, >>> WSO2, Inc : http://wso2.com >>> <http://www.google.com/url?q=http%3A%2F%2Fwso2.com&sa=D&sntz=1&usg=AFQjCNEZvyc0uMD1HhBaEGCBxs6e9fBObg> >>> 20, Palmgrove Avenue, Colombo 3 >>> E-Mail: [email protected] <[email protected]> >>> >> >> >> >> -- >> Thanks & Regards, >> >> *Johann Dilantha Nallathamby* >> Technical Lead & Product Lead of WSO2 Identity Server >> Governance Technologies Team >> WSO2, Inc. >> lean.enterprise.middleware >> >> Mobile - *+94777776950* >> Blog - *http://nallaa.wordpress.com <http://nallaa.wordpress.com>* >> > > > > -- > *Ayesha Dissanayaka* > Software Engineer, > WSO2, Inc : http://wso2.com > <http://www.google.com/url?q=http%3A%2F%2Fwso2.com&sa=D&sntz=1&usg=AFQjCNEZvyc0uMD1HhBaEGCBxs6e9fBObg> > 20, Palmgrove Avenue, Colombo 3 > E-Mail: [email protected] <[email protected]> > -- *Ayesha Dissanayaka* Software Engineer, WSO2, Inc : http://wso2.com <http://www.google.com/url?q=http%3A%2F%2Fwso2.com&sa=D&sntz=1&usg=AFQjCNEZvyc0uMD1HhBaEGCBxs6e9fBObg> 20, Palmgrove Avenue, Colombo 3 E-Mail: [email protected] <[email protected]>
_______________________________________________ Dev mailing list [email protected] http://wso2.org/cgi-bin/mailman/listinfo/dev
