[aerogear-dev] Password reset

Sebastien Blanc scm.blanc at gmail.com
Thu Dec 5 09:18:31 EST 2013


On Thu, Dec 5, 2013 at 1:55 PM, Bruno Oliveira <bruno at abstractj.org> wrote:

> I think we can validate the whole example and check what’s missing and add
> PicketLink later. Do you think is a great idea to be “storage” agnostic?
>

+1


>
> On December 5, 2013 at 10:48:15 AM, Sebastien Blanc (scm.blanc at gmail.com)
> wrote:
> > For first registrations, I presume it uses the same endpoint ? I'm
> thinking of this scenario :
>
> The same endpoint? Not following you on it.
>

I mean a user who make a request because he forgot his password and an
admin creating a new user will use the same service as the result will be
the same : the encrypted email


>
> > - An admin creates a new users just by providing a loginName.
> > - The backend creates the user and returns the url as explained above.
> > - Admin sends the link to the user.
>
> Here is the workflow which I really would like to change. When and admin
> sends the url to the user, we have some cons:
>
> - We have no control over it, if the admin is just sending it without SSL
> or not.
> - An admin can generate thousands of urls
> - The process is completely manual
>

+1 but putting aside the "console" this process his mainly the
responsability of the admin, UPS "just" offers endpoints

>
> My suggestion is to implement something with <put your hipster framework
> to send e-mails here>. Make sense? I’m not saying this is a top huge
> priority, but necessary.
>

Indeed that will be the nicest but again there were already some
discussions to have or not email functionality inside UPS  and as you say
it's not the top prio for the 0.10.0 release.
For 0.10.0 the URI will just be returned to the admin, for future releases
we could think of integrating that in UPS or calling a third service that
handles the email. We have also to keep in mind that all this must work in
a openshift instance (cartridge)

>
> > - User click the link and set his password.
> --
> abstractj
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/aerogear-dev/attachments/20131205/a3ee3463/attachment.html 


More information about the aerogear-dev mailing list