Scenario:
After a user has logged into the front-end application, they might wish to change their password. So they click a button which redirects to the FusionAuth update password form. I am using the community edition (the free version) of FusionAuth, which does not have an out-of-the-box solution.
So, after reading through a lot of documentation, I achieved this in the following way:
My Controller Method:
@GetMapping("/user/{email}/update-password")
fun updateUserPassword(@PathVariable("email") email: String, principal: Principal, response: HttpServletResponse) {
    // Only the logged-in user may start a password change for their own login id
    // (assumes principal.name is the login email; adapt to your security config)
    if (!principal.name.equals(email, ignoreCase = true)) {
        response.sendError(HttpServletResponse.SC_FORBIDDEN)
        return
    }
    response.sendRedirect(userService.getUpdateFormUrl(email))
}
getUpdateFormUrl()
fun getUpdateFormUrl(email: String): String {
    // Ask FusionAuth for a changePasswordId for this login id, then build the form URL from it
    val changePasswordId = authClient.retrieveChangePasswordId(email)
    return authClient.generateFormUrl(changePasswordId)
}
retrieveChangePasswordId(email) is basically the following POST request to your FusionAuth server:
method: POST
URL: http://localhost:8080/api/user/forgot-password
body:
{
"loginId" : "<user email or username>",
"sendForgotPasswordEmail" : false
}
Headers:
X-FusionAuth-TenantId: <your tenantId, or the default tenant id if you only have one>
Authorization: <API key for the FusionAuth server>
Content-Type: application/json
The response will be:
{
"changePasswordId": "<opaque id string>"
}
generateFormUrl() :
import org.springframework.web.util.UriComponentsBuilder

fun generateFormUrl(changePasswordId: String): String {
    return UriComponentsBuilder.fromUriString("http://localhost:8080/")
        .path("password/change/${changePasswordId}")
        .queryParam("changePasswordId", changePasswordId)
        .queryParam("tenantId", "<your tenantId>")
        .queryParam("client_id", "<your application or client id>")
        .queryParam("redirect_uri", "<your redirect uri where you want your user to redirect>")
        .queryParam("scope", "offline_access")
        .queryParam("response_type", "code")
        // FusionAuth expects a state value for the redirect to work; keep a copy server-side
        // and compare it with the value returned to redirect_uri, as in any OAuth code flow
        .queryParam("state", "<random uuid as fusion auth expects some value for redirect to work>")
        .build()
        .toUriString()
}
So, when you hit your backend on GET /user/{email}/update-password,
it redirects to the FusionAuth update password form. Because the email comes from the URL, the handler must verify that it matches the logged-in user; otherwise any authenticated user could obtain a change-password link for someone else's account.
NOTE: a changePasswordId is only valid for 10 minutes by default. You can raise this if you want to give your users a little more room: in the FusionAuth portal go to Tenants >> select the tenant >> Advanced and set the Change Password time to whatever you want. Keep in mind that whoever holds a valid changePasswordId (or the URL carrying it) can set a new password for that account without knowing the old one, so keep the lifetime short and make sure the URL is not written to logs.
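The whole flow in one self-contained file, as an added example that is not code from the original post: the forgot-password call, the URL builder and the self-service authorization check. It uses the JDK's java.net.http.HttpClient instead of the post's authClient and pulls changePasswordId out of the response with a regex rather than a JSON library; the configuration values, the redirect URI and the id used in main() are constructed placeholders. Storing the state value and comparing it on the callback is the standard OAuth code-flow check and is not something the post itself shows.

```kotlin
import java.net.URI
import java.net.URLEncoder
import java.net.http.HttpClient
import java.net.http.HttpRequest
import java.net.http.HttpResponse
import java.nio.charset.StandardCharsets
import java.util.UUID

// Assumed configuration; every value here is a placeholder, not one from the original post.
data class FusionAuthConfig(
    val baseUrl: String = "http://localhost:8080",
    val apiKey: String = "<api key>",
    val tenantId: String = "<tenant id>",
    val clientId: String = "<application id>",
    val redirectUri: String = "https://app.example.com/password-changed"
)

private fun enc(value: String): String = URLEncoder.encode(value, StandardCharsets.UTF_8)

// Minimal JSON string escaping for the one field we send; use a JSON library in real code.
private fun jsonString(value: String): String =
    "\"" + value.replace("\\", "\\\\").replace("\"", "\\\"") + "\""

/** POST /api/user/forgot-password with sendForgotPasswordEmail=false; returns the changePasswordId. */
fun retrieveChangePasswordId(cfg: FusionAuthConfig, loginId: String,
                             client: HttpClient = HttpClient.newHttpClient()): String {
    val request = HttpRequest.newBuilder(URI.create("${cfg.baseUrl}/api/user/forgot-password"))
        .header("Authorization", cfg.apiKey)
        .header("X-FusionAuth-TenantId", cfg.tenantId)
        .header("Content-Type", "application/json")
        .POST(HttpRequest.BodyPublishers.ofString(
            """{"loginId":${jsonString(loginId)},"sendForgotPasswordEmail":false}"""))
        .build()
    val response = client.send(request, HttpResponse.BodyHandlers.ofString())
    check(response.statusCode() == 200) { "forgot-password returned HTTP ${response.statusCode()}" }
    return parseChangePasswordId(response.body())
}

/** Pulls changePasswordId out of the {"changePasswordId": "..."} response body. */
fun parseChangePasswordId(body: String): String =
    Regex("\"changePasswordId\"\\s*:\\s*\"([^\"]+)\"").find(body)?.groupValues?.get(1)
        ?: throw IllegalStateException("no changePasswordId in response")

/** Builds the change-password form URL; the id goes in the path and the query, as in the post. */
fun buildChangePasswordUrl(cfg: FusionAuthConfig, changePasswordId: String, state: String): String {
    val query = listOf(
        "changePasswordId" to changePasswordId,
        "tenantId" to cfg.tenantId,
        "client_id" to cfg.clientId,
        "redirect_uri" to cfg.redirectUri,
        "scope" to "offline_access",
        "response_type" to "code",
        "state" to state
    ).joinToString("&") { (k, v) -> "${enc(k)}=${enc(v)}" }
    return "${cfg.baseUrl}/password/change/${enc(changePasswordId)}?$query"
}

/** Only the logged-in user may start a password change for their own login id. */
fun mayChangePassword(requestedEmail: String, authenticatedEmail: String?): Boolean =
    authenticatedEmail != null && authenticatedEmail.equals(requestedEmail, ignoreCase = true)

/**
 * Full flow: authorize, fetch the id, build the URL. Returns the URL and the state value;
 * the caller stores state in the session and compares it with the value FusionAuth sends
 * back to redirect_uri, the usual OAuth CSRF check for the callback.
 */
fun startPasswordChange(cfg: FusionAuthConfig, requestedEmail: String, authenticatedEmail: String?,
                        client: HttpClient = HttpClient.newHttpClient()): Pair<String, String> {
    require(mayChangePassword(requestedEmail, authenticatedEmail)) { "not allowed to change this account's password" }
    val state = UUID.randomUUID().toString()
    val id = retrieveChangePasswordId(cfg, requestedEmail, client)
    return buildChangePasswordUrl(cfg, id, state) to state
}

fun main() {
    // Offline demonstration with a constructed id; no FusionAuth server is contacted here.
    val cfg = FusionAuthConfig()
    val id = parseChangePasswordId("""{"changePasswordId":"constructed-id-123"}""")
    println(buildChangePasswordUrl(cfg, id, UUID.randomUUID().toString()))
    println(mayChangePassword("alice@example.com", "mallory@example.com"))
}
```

In a Spring controller, startPasswordChange would be called with the email taken from the authenticated principal, the returned state saved in the session, and the URL passed to response.sendRedirect; the redirect_uri handler then rejects any callback whose state does not match the stored value.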