When a user performs self-registration, the registration system should check their registered email address to make sure it is live and valid before provisioning to other target systems. This is done by sending the user a verification link containing a unique verification code, which the user enters to confirm their email address is live. Once confirmed, the user is classified as verified and can be provisioned to the appropriate systems.
In the conf/ui-configuration.json file, set "selfRegistration" : true within the configuration object. Refresh the UI to see the register account link.
Set Up External Email Server
We'll need an external email server so we can send out the verification emails. Edit the conf/external.email.json file with your email server details.
Set On-Create Default Values
Create Custom Endpoint To Handle Verification Response
The verification URL we sent out in the email points to a custom endpoint. We need to build out the endpoint to handle the response and update the user to record that they're verified.
Create a file called conf/endpoint-verifyEmail.json with the following settings:
"context" : "endpoint/verifyEmail",
"file" : "script/verifyEmail.js"
Create script/verifyEmail.js to handle the verification. It needs to take the username and verification code given as parameters in the URL, check that the code matches, and update the user appropriately.
This confirms that the submitted code matches the one stored on the found user record. If so, the attribute verified=false is patched to verified=true.
The verified=true attribute can then be leveraged in the appropriate conf/sync.json mapping, for example for validSource checking, or for making accounts active/inactive on target systems if already provisioned.
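The check described above, as an added example (not the original verifyEmail.js and not OpenIDM's own code): an in-memory object stands in for the managed user repository, and the stored-code field name verificationCode, the parameter names and the sample records are assumptions. It shows the points that matter on an anonymously reachable endpoint: one response for every failure, a comparison that does not stop at the first wrong character, and a code that works only once.

```javascript
// Constructed sample records; "verificationCode" is a hypothetical attribute name.
var users = {
    "jdoe":   { userName: "jdoe",   verificationCode: "9f2c7a1e5b", verified: false },
    "asmith": { userName: "asmith", verificationCode: "",           verified: false }
};

// Compare every character instead of returning at the first mismatch, so the
// response time does not reveal how much of the submitted code was correct.
function safeEqual(a, b) {
    var diff = a.length ^ b.length;
    for (var i = 0; i < a.length; i++) {
        diff |= a.charCodeAt(i) ^ b.charCodeAt(i % (b.length || 1));
    }
    return diff === 0;
}

// params: the URL parameters; store: stand-in for the managed user repository.
function verifyEmail(params, store) {
    var userName = params && params.userName;
    var code = params && params.code;
    var failure = { verified: false, reason: "invalid" };
    if (typeof userName !== "string" || typeof code !== "string" || code === "") {
        return failure;
    }
    // Own-property lookup only, so names like "constructor" never match.
    var user = Object.prototype.hasOwnProperty.call(store, userName) ? store[userName] : null;
    // Unknown user, blank stored code and wrong code all return the same
    // answer, so the endpoint cannot be used to enumerate accounts.
    if (!user || !user.verificationCode || !safeEqual(code, user.verificationCode)) {
        return failure;
    }
    user.verified = true;        // the patch from the text: verified=false -> verified=true
    user.verificationCode = "";  // assumption: clear the code so the link is single use
    return { verified: true };
}
```

In OpenIDM the lookup and the update would go through the managed user repository rather than this object.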
Allow Access To Your Endpoint
OpenIDM doesn't allow fully unauthenticated user access to any endpoint. It does, however, come with an anonymous user that can be used for self-registration and also for access to our custom endpoint. Edit the script/access.js file to add an authorization entry for the custom endpoint, so that the openidm-reg role (which gives anonymous access) is able to access the endpoint.
//Used to verify email addresses so public
"pattern" : "endpoint/verifyEmail",
"roles" : "openidm-reg*",
"methods" : "read, query",
"actions" : "*",
To access the endpoint during a proof of concept or test, simply use curl or a browser-based REST client, adding headers with the anonymous username and anonymous password.
Code available here on Github