Closed DanielCaspers closed 3 years ago
@scaspers I can't continue with estimating this task until you define it. Could you either explain the flow over a call or try your hand at editing my comment (or leave one here for me to paste in as a req)?
I will be looking into adding this to the API login functionality. Leave this and #21 out of scope for now.
Method 1: For login, the user is redirected to https://d3api.murphyauto.net/api/v2/auth/login with the appkey passed (header or as URL var). The forgot password flow is handled from there. Once a user successfully logs in, they are redirected to the mycar app (URL assoc with the appkey in the auth system) with an access_code included. The access_code is then used by the mycar app in an API call to the auth/token endpoint and exchanged for an authToken to be used during their session.
Method 2: Use the auth/resetpw endpoint and provide the user's registered email address or phone number. If successful, the auth system will email the user a password reset link URL, which will open a page maintained by the auth system that allows the user to enter a new password. At this point the user would need to return to the mycar login and enter credentials.
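The Method 1 exchange, modelled in memory as an added example that is not part of the original thread or the project's code. The class and function names, the sample appkey, users and redirect URL, and the 60-second code lifetime are all assumptions; the model shows the access_code being single-use, bound to the appkey it was issued for, and sent only to the URL registered for that appkey.

```python
import secrets
import time
from urllib.parse import urlencode, urlparse, parse_qs

CODE_TTL_SECONDS = 60  # assumed lifetime; the thread does not state one


class AuthSystem:
    """In-memory stand-in for the auth system (hypothetical, not the real API)."""

    def __init__(self, apps, users):
        self.apps = apps      # appkey -> redirect URL registered for that app
        self.users = users    # username -> password (plaintext only for the demo)
        self.codes = {}       # access_code -> (appkey, username, expiry)

    def login(self, appkey, username, password, now=None):
        """Return the redirect URL carrying a fresh access_code, or None."""
        now = time.time() if now is None else now
        stored = self.users.get(username)
        if appkey not in self.apps or stored is None:
            return None
        if not secrets.compare_digest(stored.encode(), password.encode()):
            return None
        code = secrets.token_urlsafe(32)
        self.codes[code] = (appkey, username, now + CODE_TTL_SECONDS)
        # Redirect target comes from the appkey registration, never from the request.
        return self.apps[appkey] + "?" + urlencode({"access_code": code})

    def token(self, appkey, access_code, now=None):
        """Exchange an access_code for an authToken; each code works once."""
        now = time.time() if now is None else now
        entry = self.codes.pop(access_code, None)  # pop makes the code single-use
        if entry is None or entry[0] != appkey or now > entry[2]:
            return None
        return {"authToken": secrets.token_urlsafe(32), "user": entry[1]}


def code_from_redirect(url):
    """What the mycar app does on return: pull access_code out of the redirect URL."""
    values = parse_qs(urlparse(url).query).get("access_code", [])
    return values[0] if len(values) == 1 else None


if __name__ == "__main__":
    # Constructed sample data: one registered app and one user.
    auth = AuthSystem({"demo-appkey": "https://mycar.example/callback"}, {"pat": "pw-123"})
    code = code_from_redirect(auth.login("demo-appkey", "pat", "pw-123"))
    print(auth.token("demo-appkey", code) is not None, auth.token("demo-appkey", code))
```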
@scaspers, to clarify, can we do the following flow using Method 2?
Your suggested flow should work.
Closed per over-the-shoulder acceptance from Steve on 12/6/2020. OAuth flow was used to achieve this goal.
Motivation: Customers shall be able to recover their account password, should they forget it.
Acceptance criteria: TBD