
End point to reset password when guest signs in after invite

Open erikguntner opened this issue 1 year ago • 5 comments

Overview

When a guest receives an invitation to sign up for Home Unite Us they are instructed to click on a link that redirects them to a page to create a permanent password. We need an endpoint in our API that handles resetting the password. If I understand the flow correctly, after a user is invited they must respond to the auth challenge set by Cognito to reset their password, which can be done using the RespondToAuthChallenge method.

Action Items

  • Create OpenAPI spec for a POST endpoint that accepts a password in the body.
  • Generate a new spec
  • Return an error if the request is unsuccessful

Resources

  • Invite user flow
  • RespondToAuthChallenge

erikguntner avatar Mar 10 '23 03:03 erikguntner

@jed-stewart can you confirm that after sending the invite the user has a RESET_REQUIRED or FORCE_CHANGE_PASSWORD status?

erikguntner avatar Mar 10 '23 03:03 erikguntner

Yes, I'll verify this

On Thu, Mar 9, 2023, 7:24 PM Erik Guntner @.***> wrote:

@jed-stewart https://github.com/jed-stewart can you confirm that after sending the invite the user has a RESET_REQUIRED or FORCE_CHANGE_PASSWORD status?


jed-stewart avatar Mar 10 '23 05:03 jed-stewart

@jed-stewart can you confirm that after sending the invite the user has a RESET_REQUIRED or FORCE_CHANGE_PASSWORD status?

@erikguntner @stevbark It is FORCE_CHANGE_PASSWORD when added

jed-stewart avatar Mar 23 '23 23:03 jed-stewart

Is the FORCE_CHANGE_PASSWORD something I need to worry about? I don't see it in the 'respond to auth challenge' linked above so I am unsure how it affects me.

stevbark avatar Mar 28 '23 06:03 stevbark

You do not need it. Erik asked the question above.

On Mon, Mar 27, 2023, 11:01 PM Stephen Barkley-Yeung < @.***> wrote:

Is the FORCE_CHANGE_PASSWORD something I need to worry about? I don't see it in the 'respond to auth challenge' linked above so I am unsure how it affects me.


jed-stewart avatar Mar 28 '23 12:03 jed-stewart
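
The flow discussed in this thread (an invited user in FORCE_CHANGE_PASSWORD status setting a permanent password through RespondToAuthChallenge), shown as an added example that is not code from the HomeUniteUs project. It assumes a boto3 `cognito-idp` client is passed in, an app client without a secret that has USER_PASSWORD_AUTH enabled, and a user pool with no extra required attributes; the function name, its parameters and the HTTP status mapping are hypothetical.

```python
"""Added example: complete Cognito's NEW_PASSWORD_REQUIRED challenge for an invited user."""

# Service error codes that mean the caller's input was rejected; anything else is a 500.
# Wrong password and unknown user share one message so the endpoint cannot be used
# to find out which e-mail addresses have been invited.
CLIENT_ERRORS = {
    "NotAuthorizedException": "invalid credentials or expired invite",
    "UserNotFoundException": "invalid credentials or expired invite",
    "InvalidPasswordException": "new password does not meet the password policy",
}


def _error_code(exc):
    # botocore's ClientError exposes the service code at exc.response["Error"]["Code"].
    return getattr(exc, "response", {}).get("Error", {}).get("Code", "")


def set_permanent_password(cognito, client_id, email, temp_password, new_password):
    """Return (http_status, body). `cognito` is an injected boto3 "cognito-idp" client."""
    try:
        # Step 1: sign in with the temporary password from the invite.
        auth = cognito.initiate_auth(
            ClientId=client_id,
            AuthFlow="USER_PASSWORD_AUTH",
            AuthParameters={"USERNAME": email, "PASSWORD": temp_password},
        )
        # A FORCE_CHANGE_PASSWORD user gets this challenge; anything else is another flow.
        if auth.get("ChallengeName") != "NEW_PASSWORD_REQUIRED":
            return 409, {"error": "no password change is pending for this account"}
        # Step 2: answer the challenge, passing back the Session token from step 1.
        result = cognito.respond_to_auth_challenge(
            ClientId=client_id,
            ChallengeName="NEW_PASSWORD_REQUIRED",
            Session=auth["Session"],
            ChallengeResponses={"USERNAME": email, "NEW_PASSWORD": new_password},
        )
    except Exception as exc:  # map to a fixed message; never return the raw exception text
        code = _error_code(exc)
        if code in CLIENT_ERRORS:
            return 400, {"error": CLIENT_ERRORS[code]}
        return 500, {"error": "could not reset password"}
    tokens = result.get("AuthenticationResult", {})
    return 200, {"access_token": tokens.get("AccessToken"), "id_token": tokens.get("IdToken")}
```
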