search

auth0 / auth0-java

Java client library for the Auth0 platform
https://auth0.com
MIT License
286 stars 131 forks source link

Add possibility to specify arbitrary client_id for resetPassword method, as argument #510

Closed artyk404 closed 1 year ago

artyk404 commented 1 year ago

Describe the problem you'd like to have solved

Hello there, we use auth0-java to interact with Auth0 API. To trigger user password change flow we call resetPassword method. We have many SPA applications and single "machine-to-machine" application. We allow access to "Auth0 Management API" only to this "machine" application. In current scenario when "machine" application triggers reset password flow and user changes password, they only see confirmation text like "Your password changed successfully" without being redirected to actual login page. But that is actually what we want - to redirect user to "needed" application's login url. As I learned "Change Password" API accepts optional (and recommended) parameter client_id to specify what client_id (SPA application) to associate with password change flow.

However , the problem: resetPassword method doesn't have possibility to specify this dynamic client_id and I believe uses same client_id as for interaction with API, hence no redirect to any login page after password change, because "machine" application doesn't have any login urls configured.

Describe the ideal solution

Add possibility to specify arbitrary client_id for resetPassword method, as argument.

Alternatives and current work-arounds

N/A

Additional information, if any

jimmyjames commented 1 year ago

👋 hi @artyk404, thanks for the info and request! Yes, I think it makes sense to add a new method that supports specifying a client ID. I've made a PR for this in #511, if you want to take a look and ensure it addresses your use case, that would be great!

artyk404 commented 1 year ago

Hey @jimmyjames 👋 Thank you so much for your quick response and I really appreciate your PR! We have looked at it and it looks good for our use case.

Now I'm wondering about auth0-java's release cycle, specifically when do you think there will be new release with this change?

jimmyjames commented 1 year ago

Hey @artyk404, we plan to release a new v2 beta with this change this week. And V2 GA is scheduled for next week.

jimmyjames commented 1 year ago

Juste an update - we plan to release a new beta version tomorrow, and v2 GA week of Feb 20.