End-user Password REST api

John Peter
Does the end-user require any setting to perform the requests below? I always get "HTTP Status 401 - User not authenticated".

Re: End-user Password REST api

ilgrosso
Administrator
On 07/10/2016 14:08, John Peter wrote:
Does the end-user require any setting to perform the requests below? I always get "HTTP Status 401 - User not authenticated".


This endpoint is only accessible by users who were flagged with 'MustChangePassword' (from the admin console, for example).


This is only accessible as anonymous (if you are resetting your password, then you should not be able to authenticate).


This is only accessible as anonymous (if you want to reset your password, then you should not be able to authenticate).


You can take a look at how dealing with such REST endpoints is supposed to work by taking a look at

https://github.com/apache/syncope/blob/2_0_X/fit/core-reference/src/test/java/org/apache/syncope/fit/core/UserSelfITCase.java#L256

for the password reset process and

https://github.com/apache/syncope/blob/2_0_X/fit/core-reference/src/test/java/org/apache/syncope/fit/core/UserSelfITCase.java#L358

for handling 'MustChangePassword'.

If you are instead only trying to understand how a user can update his own password, then the REST endpoint is

PATCH /users/self

or

PUT /users/self

depending on the payload.

HTH
Regards.
-- 
Francesco Chicchiriccò

Tirasa - Open Source Excellence
http://www.tirasa.net/

Member at The Apache Software Foundation
Syncope, Cocoon, Olingo, CXF, OpenJPA, PonyMail
http://home.apache.org/~ilgrosso/

Re: End-user Password REST api

John Peter
Thank you!! I would have a look at it.

Thanks.

On Fri, Oct 7, 2016 at 5:48 PM, Francesco Chicchiriccò <[hidden email]> wrote: