
This how-to shows how to trigger sending a password reset URL to an existing user.

There are two REST calls involved.

Special thanks to marek.detko@forgerock.com for the input.

Step-by-step guide

  1. Call the selfservice/reset endpoint anonymously to get a password reset token:


curl -X POST \
  'https://localhost:8443/openidm/selfservice/reset?_action=submitRequirements' \
  -H 'Content-Type: application/json' \
  -H 'X-OpenIDM-Password: anonymous' \
  -H 'X-OpenIDM-Username: anonymous' \
  -d '{"input":{}}'

This will return:

{
    "type": "userQuery",
    "tag": "initial",
    "requirements": {
        "$schema": "http://json-schema.org/draft-04/schema#",
        "description": "Find your account",
        "type": "object",
        "required": [
            "queryFilter"
        ],
        "properties": {
            "queryFilter": {
                "description": "filter string to find account",
                "type": "string"
            }
        }
    },
    "token": "eyJ0eXAiOiJKV1QiLCJjdHkiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.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.roxkNyCuyxghayW_Gw8PImdOHHNDLhK0IxX6QI2AHNc"
}


  2. The second call, with the token and a user query, sends the password reset email to the user:

curl -X POST \
  'https://localhost:8443/openidm/selfservice/reset?_action=submitRequirements' \
  -H 'Content-Type: application/json' \
  -H 'X-OpenIDM-Password: anonymous' \
  -H 'X-OpenIDM-Username: anonymous' \
  -d '{"token": "eyJ0eXAiOiJKV1QiLCJjdHkiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.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.MEDsU__vtK91VtftD3x1VTqPJan0kmd_nY2byzHhSyU", "input":{"queryFilter":"userName eq \"hnolan\""}}'

This will return:

{
    "type": "emailValidation",
    "tag": "validateCode",
    "requirements": {
        "$schema": "http://json-schema.org/draft-04/schema#",
        "description": "Verify emailed code",
        "type": "object",
        "required": [
            "code"
        ],
        "properties": {
            "code": {
                "description": "Enter code emailed",
                "type": "string"
            }
        }
    },
    "token": "eyJ0eXAiOiJKV1QiLCJjdHkiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.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.MEDsU__vtK91VtftD3x1VTqPJan0kmd_nY2byzHhSyU"
}
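
The two calls above chained into one script, as an added example (not code from the original page or from ForgeRock). The function names are hypothetical, and it assumes the query filter accepts a JSON string literal as the value, so the user name is escaped with json.dumps rather than pasted between quotes; each response's stage type is checked before its token is used.

```python
import json
import urllib.request

# Endpoint and anonymous headers as used in the curl calls on this page.
RESET_URL = ("https://localhost:8443/openidm/selfservice/reset"
             "?_action=submitRequirements")
HEADERS = {
    "Content-Type": "application/json",
    "X-OpenIDM-Username": "anonymous",
    "X-OpenIDM-Password": "anonymous",
}

def query_filter_for(user_name):
    """Build the queryFilter; json.dumps quotes and escapes the value so a
    name containing a double quote cannot change the filter expression.
    Assumption: the filter accepts JSON string literals as values."""
    return "userName eq " + json.dumps(user_name)

def post_stage(body):
    """POST one stage body and return the decoded JSON response.
    Certificate verification stays on; the server's CA must be trusted."""
    req = urllib.request.Request(RESET_URL, data=json.dumps(body).encode(),
                                 headers=HEADERS, method="POST")
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)

def token_for_stage(response, expected_type):
    """Return the stage token, refusing a response for any other stage."""
    if response.get("type") != expected_type or not response.get("token"):
        raise ValueError(f"expected stage {expected_type!r}, "
                         f"got {response.get('type')!r}")
    return response["token"]

def request_reset_email(user_name, send=post_stage):
    """Run both calls; `send` is injectable so the flow can be tested offline."""
    first = send({"input": {}})
    token = token_for_stage(first, "userQuery")
    second = send({"token": token,
                   "input": {"queryFilter": query_filter_for(user_name)}})
    # The returned token belongs to the emailed-code stage that follows.
    return token_for_stage(second, "emailValidation")

if __name__ == "__main__":
    print(request_reset_email("hnolan"))
```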


For registration without a token, you can just use:

https://localhost:8443/openidm/selfservice/registration?_action=submitRequirements
{"input": 

    {"user": 
        {
            "mail": "Hanns.Nolan@forgerock.com", 
            "sn": "Nolan", 
            "givenName": "Hanns", 
            "userName": "hnolan",
....
        }
    }
}



Email settings can be found at https://localhost:8443/admin/#emailsettings/

On the password reset page you can set the lifetime of the token: https://localhost:8443/admin/#selfservice/passwordreset/