password-reset
« Previous section Next section »
UCloud Developer Guide / Core / Users / Authentication / Password Reset
Password Reset
Users that authenticate with the password backend have the ability to reset their password.
Rationale
Users have the ability to reset their password from the Login page, using their email address. When the user submits an email address, the response will always be a 200 OK
(for security reasons).
In case the email address is valid, the PasswordResetService
will act as follows:
Generate a random
token
.Send a link with the
token
to the provided email address.Save the token along with the user's id and an
expiresAt
timestamp (set tonow + 30 minutes
) in the database.
When the user click's the link in the email sent from the service, he/she will be taken to a "Enter new password" page. Upon submission, the PasswordResetService
will check if the token is valid (i.e. if it exists in the database table) and not expired (now < expiresAt
). If so, a request with be sent to the auth-service
to change the password through an end-point only accessible to PasswordResetService
.
⚠️ WARNING: The API listed on this page will likely change to conform with our API conventions. Be careful when building integrations. The following changes are expected:
RPC names will change to conform with the conventions
RPC request and response types will change to conform with the conventions
RPCs which return a page will be collapsed into a single
browse
endpointSome property names will change to be consistent with
Resource
s
Table of Contents
Remote Procedure Calls
reset
reset
Initialize password-reset procedure by generating a token and sending an email to the user.
Request | Response | Error |
---|---|---|
newPassword
newPassword
Reset the password of a user based on a generated password-reset token.
Request | Response | Error |
---|---|---|
Data Models
NewPasswordRequest
NewPasswordRequest
PasswordResetRequest
PasswordResetRequest
Last updated