TheThingsNetwork / lorawan-stack

The Things Stack, an Open Source LoRaWAN Network Server
https://www.thethingsindustries.com/stack/
Apache License 2.0

Password Reset from web UI #971

Closed htdvisser closed 5 years ago

htdvisser commented 5 years ago

Summary

Users should be able to reset their password using the web UI.

Old issue: https://github.com/TheThingsIndustries/lorawan-stack/issues/1123

Why do we need this?

Because not all users are comfortable with the API or CLI.

What is already there? What do you see now?

We have the CreateTemporaryPassword RPC in the UserRegistry service. HTTP binding is POST /api/v3/users/{user_ids.user_id}/temporary_password. This needs to be called with the user ID and Email Address. A successful call results in an email being sent to the user with a temporary password that they can only use to reset their password with the UpdatePassword RPC in the UserRegistry service.

What is missing? What do you want to see?

The following screens in the Web UI of the Identity Server:

How do you propose to implement this?

Assigning @pgalic96 since he was already assigned to the original issue. Please discuss with @kschiffer the design. I propose to implement it in a (new) "account" React app that will also have the screen I discussed in #265. Note that the user does not need to be logged in for the screens proposed in this issue. Also note that these must not be implemented in the Console, since the Console must never have access to the user's password.
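
The two calls described in the comment above, sketched as request builders for an unauthenticated account app. This is an added example, not part of the original issue or the project's code. The POST path is the binding quoted in the issue; the PUT path and `old`/`new` body fields for UpdatePassword, the user ID pattern, and all function names are assumptions.

```javascript
const API_PREFIX = '/api/v3';
// Assumption: user IDs are lowercase alphanumerics separated by single dashes.
const USER_ID_RE = /^[a-z0-9](?:-?[a-z0-9])*$/;

// Reject anything that could alter the request path before it is interpolated.
function assertUserId(userId) {
  if (typeof userId !== 'string' || userId.length > 36 || !USER_ID_RE.test(userId)) {
    throw new TypeError('invalid user ID');
  }
  return userId;
}

// Step 1: CreateTemporaryPassword, using the HTTP binding quoted in the issue.
function temporaryPasswordRequest(userId) {
  const id = assertUserId(userId);
  return {
    method: 'POST',
    path: `${API_PREFIX}/users/${encodeURIComponent(id)}/temporary_password`,
    body: { user_ids: { user_id: id } },
  };
}

// Step 2: UpdatePassword, with the emailed temporary password as the old one.
// Assumed binding and field names; passwords travel in the body, never the URL.
function updatePasswordRequest(userId, temporaryPassword, newPassword) {
  const id = assertUserId(userId);
  if (!temporaryPassword || !newPassword) {
    throw new TypeError('temporary and new password are both required');
  }
  if (temporaryPassword === newPassword) {
    throw new RangeError('new password must differ from the temporary one');
  }
  return {
    method: 'PUT',
    path: `${API_PREFIX}/users/${encodeURIComponent(id)}/password`,
    body: { user_ids: { user_id: id }, old: temporaryPassword, new: newPassword },
  };
}

// Sends a built request. fetchImpl is injectable so the flow can be tested offline.
async function send(fetchImpl, baseUrl, req) {
  const res = await fetchImpl(new URL(req.path, baseUrl), {
    method: req.method,
    headers: { 'Content-Type': 'application/json' },
    body: JSON.stringify(req.body),
    credentials: 'omit', // the user is not logged in on these screens
  });
  if (!res.ok) throw new Error(`request failed with HTTP ${res.status}`);
}
```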

pgalic96 commented 5 years ago

> A "Forgot Password" screen where the user has to enter their username and email in order to receive a temporary password.

Should it be username and email or just e-mail?

cc @kschiffer

htdvisser commented 5 years ago

It actually only works with username right now, so let's start with that.

johanstokking commented 5 years ago

I think that people are better at remembering their email address than their user name, so please file an issue to be able to (only) specify their email address.

kschiffer commented 5 years ago

> I propose to implement it in a (new) "account" React app that will also have the screen I discussed in #265.

Isn't the OAuth react app already the "account" app you're describing here, @htdvisser?