Closed stuartpb closed 7 years ago
Like, Wells Fargo has a password reset design that isn't flow-like, and putting that info in a flow-like structure will cause real problems for use cases like Nilpass (it should really be documented in a PR comment until a real general-schema-branch can be specified to handle it, or kicked into a `notes`-like description). So, yeah, I'm down with this issue's logic.
Putting this on v0.1.0.
The thing is, Wells Fargo needs an alternative, because I've already documented it.
I'm going to call it `replacement`, because it involves a lot of secrets to be provided as a replacement for the password (though, of course, this "replacement" isn't strictly adequate, as it's still "something you know" and not "something you have" or "something you are").
It also reminds me of filing for a replacement debit card.
Note that this wasn't really finished off until #246.
Per https://github.com/opws/domainprofiles/issues/127#issuecomment-278180032 and https://github.com/opws/domainprofiles/issues/137#issuecomment-280197246 - `password.reset.url` meaning what it does is going to get more and more awkward due to its non-specificity, as more siblings (heck, `password.reset.flow.request.form`) get attached to reset request. `url` should live alongside these descriptions.
As for defining a general `password.reset.url` alongside the one under `flow.request`... I'm against it, actually. The comment in #127 noted that eliminating `url` at that higher level would make it so general, non-flow-request password reset URLs would get shaken out, but my thinking now is that if there's some kind of password reset that isn't `flow` or one of the specced alternatives, it needs to be handled in a way that will adequately convey what this specified URL is for - just saying "if you want password reset, here's your guy" catching all, for some reset mechanism so alien that it doesn't fit into the existing generalizations defined in the schema, is a bad idea. (Even if something like that eventually becomes a thing, it'd have to be specified under some other `flow`-alternative clarifying that it is definitely not flow-like, like `password.reset.esoteric.url` or `password.reset.special.begin.url`).