cclpeng
commented
6 years ago Have to refactor User Service to implement Auth0 for the front end. Apparently Auth0 can also handle password reset. If needed, can see the ArchivedPasswordReset branch where LoginRecoveryController, LoginRecoveryToken, SendEmailService, (added paths in allowable array in security pkg, WebConfig class)are used to have the reset function, but it might look different when using Auth0.
Right now in the user service, Auth0 is used to make tokens (JwtProvider class), but Angular wants us to set up Auth0 completely on our end because at the moment it's not in sync for the angular side. They want Auth0 to be aware of the token on both ends of the app, but currently when they have Auth0 on front end, it makes a new token for them (when they would rather Auth0 just register that we are sending them a token). Having the two tokens on both sides would be bad because they have different times, so they won't be the same.
Though we use the Auth0 dependency to make our JWT tokens, we are not actually implementing it in the User Service. That will take more refactoring.
A user should be able to click a link to reset their password via an email (or some other secure method).