On Tue, Mar 14, 2017 at 11:08 AM, Gayan Gunawardana <ga...@wso2.com> wrote:

>
>
> On Tue, Mar 14, 2017 at 10:58 AM, Hasanthi Purnima Dissanayake <
> hasan...@wso2.com> wrote:
>
>> Hi all,
>>
>> We are in the process of implementing Admin Forced Password Reset via
>> Offline for existing users in Admin Portal for the new IS 6.0.0 release.
>> The wireframe design for the UI is found at [1].
>>
>> Admin can select a user and generate a password for the selected user.
>> This generated password is an OTP.
>>
>> This OTP:
>> 1. Does not adhere to any password policy.
>> 2. Has no validity period.
>> 3. Expires once it is used.
>> 4. Is not considered a normal password, and we are going to store it in
>> the IDN_RECOVERY_DATA table.
>>
> If the admin generates two or more OTPs, what is the behavior?
> Are all valid, or only the last one?
> Suppose there are two and we consume only the first one; in that case, does
> it invalidate the second one?
>

Why should we allow multiple OTPs for a particular user at a given time?
Can't we keep only one valid OTP for a user at a given time and override
it at the point of creating a new one?

>
>> [1] https://github.com/wso2-dev-ux/product-is/blob/master/Wireframes/admin-portal/v3/3.32%20%20Reset%20password%20with%20offline%20OTP%20-%20password%20generated.png
>>
>> Thanks,
>>
>> Hasanthi Dissanayake
>>
>> Software Engineer | WSO2
>>
>> E: hasan...@wso2.com
>> M: 0718407133 | http://wso2.com
>>
>
>
>
> --
> Gayan Gunawardana
> Software Engineer; WSO2 Inc.; http://wso2.com/
> Email: ga...@wso2.com
> Mobile: +94 (71) 8020933
>
> _______________________________________________
> Architecture mailing list
> Architecture@wso2.org
> https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
>
>
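
The behaviour proposed in the reply above (one valid OTP per user, overridden when a new one is generated, expiring on first use), as an added example that is not part of the original thread or of WSO2 code. The `recovery_demo` table and its columns are assumptions standing in for IDN_RECOVERY_DATA, whose schema the thread does not show, and storing a digest instead of the OTP is a choice made for this example.

```python
import hashlib
import hmac
import secrets
import sqlite3

# Constructed stand-in for the recovery table; the real IDN_RECOVERY_DATA
# schema is not shown in the thread, so these columns are assumptions.
SCHEMA = """
CREATE TABLE recovery_demo (
    username TEXT PRIMARY KEY,   -- at most one row (one OTP) per user
    otp_hash TEXT NOT NULL       -- digest of the OTP, not the OTP itself
)"""


def open_store():
    db = sqlite3.connect(":memory:")
    db.execute(SCHEMA)
    return db


def _digest(otp):
    return hashlib.sha256(otp.encode()).hexdigest()


def issue_otp(db, username):
    """Generate a new OTP; any earlier OTP for the user is overwritten."""
    otp = secrets.token_urlsafe(12)  # CSPRNG, no password policy applied
    with db:
        db.execute(
            "INSERT OR REPLACE INTO recovery_demo (username, otp_hash) VALUES (?, ?)",
            (username, _digest(otp)),
        )
    return otp


def consume_otp(db, username, otp):
    """Return True exactly once for the current OTP; afterwards it is gone."""
    with db:
        row = db.execute(
            "SELECT otp_hash FROM recovery_demo WHERE username = ?", (username,)
        ).fetchone()
        if row is None or not hmac.compare_digest(row[0], _digest(otp)):
            return False
        # Delete by user and hash so a concurrently re-issued OTP is not consumed.
        cur = db.execute(
            "DELETE FROM recovery_demo WHERE username = ? AND otp_hash = ?",
            (username, row[0]),
        )
        return cur.rowcount == 1
```
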