Child pages
  • Password Reset per email
Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 2 Current »

This how-to shows how to trigger a password reset URL to an existing user.

There are two rest calls involved.

Special thanks to marek.detko@forgerock.com for the input.

Step-by-step guide

  1. Call the selfservice/reset endpoint anonymous to get a pwd reset token:


curl -X POST \
  'https://localhost:8443/openidm/selfservice/reset?_action=submitRequirements' \
  -H 'Content-Type: application/json' \
  -H 'X-OpenIDM-Password: anonymous' \
  -H 'X-OpenIDM-Username: anonymous' \
  -d '{"input":{}}'

This will return:

{
    "type": "userQuery",
    "tag": "initial",
    "requirements": {
        "$schema": "http://json-schema.org/draft-04/schema#",
        "description": "Find your account",
        "type": "object",
        "required": [
            "queryFilter"
        ],
        "properties": {
            "queryFilter": {
                "description": "filter string to find account",
                "type": "string"
            }
        }
    },
    "token": "eyJ0eXAiOiJKV1QiLCJjdHkiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.ZXlKMGVYQWlPaUpLVjFRaUxDSmxibU1pT2lKQk1USTRRMEpETFVoVE1qVTJJaXdpWVd4bklqb2lVbE5CTVY4MUluMC5UZEI5OXUzZEdiMEFoOHRZWVVhc1BEMVVTdUNKWVpyUjdBamZSLUxJQXFlWjdVVDRqeU5pSXVucGhlU0Q4SUhWRmJHZy04N3NRNkV1NGR0bkNIbHJBVEtTZDNJZWh0MkF2ZURobjAtZTl4SFNUSFRvMVhGbGdMZUdIXzAtX3JySEh6TlFHUWp2QmlDTWJFOHE2MGpYTFU1VUhMRnFFQmR0Q3dMc2VLQjNFMnl0dk9tNmR6REwtX2V0eGJzZmRXQ3ZrcXdnb3RVdmk4bW5iM2lIdlJYbURlcnIxS2lISTFBLWlWNG8xRjA5eXF3YUl5NEFTQ0QzMDdtbTdna0h5eUgyY2NRd2hhcHJrbERjR2VJZXJMR2ZMbGkybVZLdm5YTzVMQXhRYVpqVG9qNkdHSkVkV2FvNUZUZURrYk55SElfZk5WdENieW93a2JTdjFaam02VWNkUmcucWNkaFZHVlBSZnJHdHVVdTRMOC02QS5vTnFYem1DUWtCQnVxbGR5ejJaOTBmak9ERFI5YnNYaXUxYU4zUno1TVZBTS1Fc1YycnpqNEh5c0RYeF90ZXdyNVVEYVdmaGhCc3lSUEhFOU1qdXIxNFJtaXFmVUxuRmVhVGRUUVJLSmVEdkdxRVlJbGpvTXJHcXoxbFczRFlBa1pRczIxdVE4Skkya1htZUVCMEtjdG1zbFlGcWFQS3R2RjRoQjZvcTk5LTQub1dWOUJ5c2FaLXI2bWNyYXN4bHVLZw.roxkNyCuyxghayW_Gw8PImdOHHNDLhK0IxX6QI2AHNc"
}


  1. The second call with token and user query will send the password reset email to the user:

The call will return

curl -X POST \
  'https://localhost:8443/openidm/selfservice/reset?_action=submitRequirements' \
  -H 'Content-Type: application/json' \
  -H 'X-OpenIDM-Password: anonymous' \
  -H 'X-OpenIDM-Username: anonymous' \
  -d '{"token": "eyJ0eXAiOiJKV1QiLCJjdHkiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.ZXlKMGVYQWlPaUpLVjFRaUxDSmxibU1pT2lKQk1USTRRMEpETFVoVE1qVTJJaXdpWVd4bklqb2lVbE5CTVY4MUluMC5RdlhfdUE1SmxYVzg1aGZxRjl5VEhSTFh1VlJ3MmN2cGdQZjlYRWt0X1JFd2JheS1zSnpMRzFFOGFtNnU2SkkxcWJ5b0NNNmhhdEh1UlhqOFV6RkhCdEdZeXZWWDU5QWIyQ3dmNmRKclhKRWRIelppRzdsQzNvSll6RDY4SmNYUVd2NlhhQlM2SEpLUmdCYklpay1LNngwenYzMVVFUkw3LU4zZ2ZKdTJHaHFScGN4ZW1LVWZCZWdOVDNEQ2VzNVF0TFlUTnRJcFlMTXVvS3RBYUF6WFFlaUJOMWpLeC05UDdvdDFlNHNwRmlQUUlRTzM2VWh5YVFNaVNib1poSm1adEh6OEY3d0Z2MzNTU24yMEZ0dFh5NkFZdkdDamt4X2tFMlJwZ2M1OFhJN1lyRTNMcXB6VGF6cEE5Uk0xZ1ljcjB2WGxRRFZ0UDVDZ3d4U0RoZTFaUXcuZ2loZkE3VVMzeFVjVzV2RDRSUDRZdy5ZbnB3bHpZQW9kNWVqSEdzVlVDQW9WdnVHYXM0R2F6czBkMEpoYXRYRmRVdjNleUxtTWttSHptMVVRWm1TRVNPN3d5NW9sODF1VUQzSlRXUFdmQWxSTGNKOFB5MnlyVVFFTHdJNTc3U1ljTGttZ1ozOUxoTFc3SU5iSFJENzFlRTBKLVNqNmtZU3QzZy1ZcHhIR2dhMUNWMndKRENYdXo1RkJ5VmwxZWFGLTZkbkdld0VSQXdSeWlwUk1TakxRXzVBN19RQzZVYUlfcHdfZnppdllfQjRSTWZtc2JmU2wtVzQwSXdrTXVtLURSY05MdDJoMXVCY3R1amJwUnpKTURDZWpwS2hUdWpRWDRaOVNZUVE5Y1BNdkJnRFA2YXpBbnJ6UUJ5eUFESUUwaWFleGhyaGFORHJzSENSOXo4QWQyUTBnLWUzNWVySGY1NW1BcVZhUVB5WXR1NXNvNEU5WlRoTnNnUXRLdGJ2Q2suOFdaMklNeGVKSV9NTFRtOXhwZDZkZw.MEDsU__vtK91VtftD3x1VTqPJan0kmd_nY2byzHhSyU", "input":{"queryFilter":"userName eq \"hnolan\""}}'
This will return:
{
    "type": "emailValidation",
    "tag": "validateCode",
    "requirements": {
        "$schema": "http://json-schema.org/draft-04/schema#",
        "description": "Verify emailed code",
        "type": "object",
        "required": [
            "code"
        ],
        "properties": {
            "code": {
                "description": "Enter code emailed",
                "type": "string"
            }
        }
    },
    "token": "eyJ0eXAiOiJKV1QiLCJjdHkiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.ZXlKMGVYQWlPaUpLVjFRaUxDSmxibU1pT2lKQk1USTRRMEpETFVoVE1qVTJJaXdpWVd4bklqb2lVbE5CTVY4MUluMC5RdlhfdUE1SmxYVzg1aGZxRjl5VEhSTFh1VlJ3MmN2cGdQZjlYRWt0X1JFd2JheS1zSnpMRzFFOGFtNnU2SkkxcWJ5b0NNNmhhdEh1UlhqOFV6RkhCdEdZeXZWWDU5QWIyQ3dmNmRKclhKRWRIelppRzdsQzNvSll6RDY4SmNYUVd2NlhhQlM2SEpLUmdCYklpay1LNngwenYzMVVFUkw3LU4zZ2ZKdTJHaHFScGN4ZW1LVWZCZWdOVDNEQ2VzNVF0TFlUTnRJcFlMTXVvS3RBYUF6WFFlaUJOMWpLeC05UDdvdDFlNHNwRmlQUUlRTzM2VWh5YVFNaVNib1poSm1adEh6OEY3d0Z2MzNTU24yMEZ0dFh5NkFZdkdDamt4X2tFMlJwZ2M1OFhJN1lyRTNMcXB6VGF6cEE5Uk0xZ1ljcjB2WGxRRFZ0UDVDZ3d4U0RoZTFaUXcuZ2loZkE3VVMzeFVjVzV2RDRSUDRZdy5ZbnB3bHpZQW9kNWVqSEdzVlVDQW9WdnVHYXM0R2F6czBkMEpoYXRYRmRVdjNleUxtTWttSHptMVVRWm1TRVNPN3d5NW9sODF1VUQzSlRXUFdmQWxSTGNKOFB5MnlyVVFFTHdJNTc3U1ljTGttZ1ozOUxoTFc3SU5iSFJENzFlRTBKLVNqNmtZU3QzZy1ZcHhIR2dhMUNWMndKRENYdXo1RkJ5VmwxZWFGLTZkbkdld0VSQXdSeWlwUk1TakxRXzVBN19RQzZVYUlfcHdfZnppdllfQjRSTWZtc2JmU2wtVzQwSXdrTXVtLURSY05MdDJoMXVCY3R1amJwUnpKTURDZWpwS2hUdWpRWDRaOVNZUVE5Y1BNdkJnRFA2YXpBbnJ6UUJ5eUFESUUwaWFleGhyaGFORHJzSENSOXo4QWQyUTBnLWUzNWVySGY1NW1BcVZhUVB5WXR1NXNvNEU5WlRoTnNnUXRLdGJ2Q2suOFdaMklNeGVKSV9NTFRtOXhwZDZkZw.MEDsU__vtK91VtftD3x1VTqPJan0kmd_nY2byzHhSyU"
}



email settings can be found on https://localhost:8443/admin/#emailsettings/

and on password reset page you can set the lifetime of the token: https://localhost:8443/admin/#selfservice/passwordreset/



  • No labels