This example is showing the ability that user can change his/her mail address by verifying the new mail address through a one time code.


User Flow


  1. base is just the idm example under samples/sync-with-csv
  2. mailHelper.js file to ./script
  3. emailTemplate-verifyChange.json file to ./conf
  4. new managed.json in ./conf
  5. custom rest endpoint mailvalidation ./conf and ./script
  6. Mail configuration to receive mails ./conf
  7. access.js in ./script to allow calling custom rest endpoint

Detail description of the flow

User changes mail address

User logs in dashboard http://localhost:8080/#/profile and changes mail address This will trigger the onUpdate script of user managed object

onUpdate script:

require('onUpdateUser').preserveLastSync(object, oldObject, request);require('mailHelper').checkChange(context, 'mail', object, oldObject);

checkChange is called in mailHelper.js (.script/) This creates:

"verificationData": {
                "mail": {
                    "code": 72594,
                    "value": ""

NOTE that the new email is now in verificationData.mail.value and old mail is still in user.mail

Mail is send out to new users mail with URL to click for mail change verificationData

mail send out part of the code:

var emailConfig ="config/"),
    Handlebars = require('lib/handlebars'),
    emailTemplate ="config/emailTemplate/verifyChange");

// revert the change to the attribute, pending verification
object[attribute] = oldObject[attribute];

// copied from onCreateUser.emailUser()
var email,
    locale = emailTemplate.defaultLocale;

email =  {
    "from": emailTemplate.from || emailConfig.from,
    "to": object.verificationData[attribute].value,
    "subject": emailTemplate.subject[locale],
    "type": "text/html"

template = Handlebars.compile(emailTemplate.message[locale]);

email.body = template({
    "object": object,
    "verification": object.verificationData[attribute]

// do NOT wait for completion, so that this call will succeed even if email fails to send
openidm.action("external/email", "send", email, { waitForCompletion: false });


User checks mail and clicks to URL for verification


The call reads user object (as in userid=bjensen) and checks code value users object is updated with mail=newMailAddress

Final mail is send out to user.

Thanks to

Jake for initial scripts (especialliy to call the mail template!!!)


Copyright 2014-2017 ForgeRock AS. All Rights Reserved

Use of this code requires a commercial software license with ForgeRock AS. or with one of its affiliates. All use shall be exclusively subject to such license between the licensee and ForgeRock AS.

One-Way Sync With CSV Sample

This sample demonstrates reconciliation between a CSV file and the managed/user repository. For documentation relating to this sample, see

Source Code of this example is under

Related articles

Related articles appear here based on the labels you select. Click to edit the macro and add or change labels.

Related issues