bh4r4th
FusionAuth: Change password flow

Oct 26, 2022

Scenario:

After a user has logged into the front-end application, they may wish to change their password. So they click a button which redirects them to the FusionAuth update password form. I am using the community edition (the free version) of FusionAuth, which does not have an out-of-the-box solution for this.

So, after reading through a lot of documentation, I achieved this in the following way:

My controller method:

@GetMapping("/user/{email}/update-password")
fun updateUserPassword(@PathVariable("email") email: String, response: HttpServletResponse) {
    val formUrl = userService.getUpdateFormUrl(email)
    response.sendRedirect(formUrl)
}

getUpdateFormUrl():

fun getUpdateFormUrl(email: String): String {
    // Ask FusionAuth for a changePasswordId, then build the hosted form URL from it
    val changePasswordId = authClient.retrieveChangePasswordId(email)
    return authClient.generateFormUrl(changePasswordId)
}

retrieveChangePasswordId(email) is the following POST request to your FusionAuth server (made from the backend, since it carries the API key):

method: POST
URL: http://localhost:8080/api/user/forgot-password
body:
{
    "loginId" : "<user email or username>",
    "sendForgotPasswordEmail" : false
}

Headers:
X-FusionAuth-TenantId : <Your tenantId or default tenant id if you have only one>
Authorization: <Api key for fusionauth server>
Content-Type: application/json

The response (HTTP 200) will be:
{
    "changePasswordId": "<random opaque string>"
}

A 404 means FusionAuth found no user with that loginId.

generateFormUrl():

fun generateFormUrl(changePasswordId: String): String {
    return UriComponentsBuilder.fromUriString("http://localhost:8080/")
        .path("password/change/${changePasswordId}")
        .queryParam("changePasswordId", changePasswordId)
        .queryParam("tenantId", "<your tenantId>")
        .queryParam("client_id", "<your application or client id>")
        .queryParam("redirect_uri", "<your redirect uri where you want your user to redirect>")
        .queryParam("scope", "offline_access")
        .queryParam("response_type", "code")
        .queryParam("state", "<random uuid, as FusionAuth expects some value for the redirect to work>")
        .build()
        .toUriString()
}

So, when you hit your backend on GET /user/{email}/update-password,

it redirects the browser to the FusionAuth update password form.

Because the email comes from the URL path, this endpoint must only be reachable by the logged-in user for their own account (or take the login id from the session instead of the path); otherwise anyone who can call it obtains a change-password link for any user.
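The same three-step flow as one runnable Spring/Kotlin unit, added here as an example (it is not the code from the original post). It fills in what the snippets above leave out: the forgot-password call with java.net.http.HttpClient and Jackson (both available in a Spring Boot project), the response-code check, and a controller that takes the login id from the authenticated Principal instead of the URL path. FusionAuthConfig, FusionAuthClient, UpdatePasswordController, the endpoint path /user/update-password and the assumption that Principal.name is the FusionAuth loginId are all mine.

```kotlin
import com.fasterxml.jackson.databind.ObjectMapper
import java.net.URI
import java.net.http.HttpClient
import java.net.http.HttpRequest
import java.net.http.HttpResponse
import java.security.Principal
import java.util.UUID
import org.springframework.http.HttpHeaders
import org.springframework.http.HttpStatus
import org.springframework.http.ResponseEntity
import org.springframework.web.bind.annotation.GetMapping
import org.springframework.web.bind.annotation.RestController
import org.springframework.web.server.ResponseStatusException
import org.springframework.web.util.UriComponentsBuilder

// Assumed configuration holder (not from the original post); fill it from application.yml or env.
data class FusionAuthConfig(
    val baseUrl: String,      // e.g. "http://localhost:8080", the FusionAuth server
    val apiKey: String,       // API key allowed to call POST /api/user/forgot-password
    val tenantId: String,
    val clientId: String,     // your FusionAuth application id
    val redirectUri: String,  // where FusionAuth sends the user after the password is changed
)

class FusionAuthClient(
    private val cfg: FusionAuthConfig,
    private val http: HttpClient = HttpClient.newHttpClient(),
    private val mapper: ObjectMapper = ObjectMapper(),
) {
    /**
     * POST /api/user/forgot-password with sendForgotPasswordEmail=false; returns the changePasswordId.
     * Runs server-side only: the API key must never reach the browser.
     */
    fun retrieveChangePasswordId(loginId: String): String {
        val body = mapper.writeValueAsString(
            mapOf("loginId" to loginId, "sendForgotPasswordEmail" to false)
        )
        val request = HttpRequest.newBuilder(URI.create("${cfg.baseUrl}/api/user/forgot-password"))
            .header("Authorization", cfg.apiKey)
            .header("X-FusionAuth-TenantId", cfg.tenantId)
            .header("Content-Type", "application/json")
            .POST(HttpRequest.BodyPublishers.ofString(body))
            .build()
        val response = http.send(request, HttpResponse.BodyHandlers.ofString())
        // 200 carries the id; anything else (404 unknown user, 401 bad key, ...) is a failure.
        if (response.statusCode() != 200) {
            throw IllegalStateException("forgot-password returned HTTP ${response.statusCode()}")
        }
        return mapper.readTree(response.body()).path("changePasswordId").asText()
            .ifEmpty { throw IllegalStateException("no changePasswordId in response") }
    }

    /** Hosted change-password page: the id goes in the path, the OAuth parameters in the query. */
    fun generateFormUrl(changePasswordId: String): String =
        UriComponentsBuilder.fromUriString(cfg.baseUrl)
            .path("/password/change/{changePasswordId}")
            .queryParam("tenantId", cfg.tenantId)
            .queryParam("client_id", cfg.clientId)
            .queryParam("redirect_uri", cfg.redirectUri)
            .queryParam("scope", "offline_access")
            .queryParam("response_type", "code")
            .queryParam("state", UUID.randomUUID().toString()) // FusionAuth requires a state value
            .buildAndExpand(changePasswordId)
            .encode()
            .toUriString()
}

@RestController
class UpdatePasswordController(private val client: FusionAuthClient) {
    /**
     * No email in the path: the login id comes from the authenticated principal, so a caller can
     * only obtain a change-password link for their own account. Assumes your security filter
     * populates Principal with the FusionAuth login id (email or username).
     */
    @GetMapping("/user/update-password")
    fun updatePassword(principal: Principal?): ResponseEntity<Void> {
        val loginId = principal?.name
            ?: throw ResponseStatusException(HttpStatus.UNAUTHORIZED, "login required")
        val changePasswordId = client.retrieveChangePasswordId(loginId)
        return ResponseEntity.status(HttpStatus.FOUND)
            .header(HttpHeaders.LOCATION, client.generateFormUrl(changePasswordId))
            .build()
    }
}
```

Hitting GET /user/update-password while logged in returns a 302 to the FusionAuth form; an unauthenticated call gets 401 and never touches the forgot-password API, so the endpoint cannot be used to mint change-password links for other accounts.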

NOTE: the changePasswordId is only valid for 10 minutes by default, so consider increasing it if you want to give your users a little more room. To change this, go to the FusionAuth admin portal >> Tenants >> select your tenant >> Edit >> Advanced >> External identifier durations >> Change password, and set it to whatever you want.
