On Wednesday, March 15, 2017, Dilan Udara Ariyaratne <dil...@wso2.com> wrote:
> > On Tue, Mar 14, 2017 at 11:08 AM, Gayan Gunawardana <ga...@wso2.com > <javascript:_e(%7B%7D,'cvml','ga...@wso2.com');>> wrote: > >> >> >> On Tue, Mar 14, 2017 at 10:58 AM, Hasanthi Purnima Dissanayake < >> hasan...@wso2.com <javascript:_e(%7B%7D,'cvml','hasan...@wso2.com');>> >> wrote: >> >>> Hi all, >>> >>> We are in the process of implementing Admin Forced Password Reset via >>> Offline for existing users in Admin Portal for the new IS 6.0.0 release. >>> The wireframe design for the UI is found at [1]. >>> >>> Admin can select a user and generate a password for the selected user. >>> This generated password is an OTP. >>> >>> This OTP is: >>> 1. Not adhere to any password policy. >>> 2. There is no validity period >>> 3. Once this OTP is used it expires. >>> 4. Not considered like a normal password and we are going to store it in >>> IDN_RECOVERY_DATA table. >>> >> If admin generates two or more OTPs, what is the behavior ? >> All valid or last one valid ? >> Suppose there is two and we consume only first one, in that case does it >> invalidate second one ? >> > > Why should we allow multiple OTPs for a particular user at a given time ? > Cannot we keep only one valid OTP for a user at a given time and override > it at the point of creating a new one ? > I too have the same concern. What is the idea behind allowing multiple OTPs at any point of time? Isn't the usual practice to keep only the latest OTP active? > >>> [1] https://github.com/wso2-dev-ux/product-is/blob/master/Wirefr >>> ames/admin-portal/v3/3.32%20%20Reset%20password%20with%20off >>> line%20OTP%20-%20password%20generated.png >>> >>> Thanks, >>> >>> Hasanthi Dissanayake >>> >>> Software Engineer | WSO2 >>> >>> E: hasan...@wso2.com <javascript:_e(%7B%7D,'cvml','hasan...@wso2.com');> >>> M :0718407133| http://wso2.com <http://wso2.com/> >>> >> >> >> >> -- >> Gayan Gunawardana >> Software Engineer; WSO2 Inc.; http://wso2.com/ >> Email: ga...@wso2.com <javascript:_e(%7B%7D,'cvml','ga...@wso2.com');> >> Mobile: +94 (71) 8020933 >> >> _______________________________________________ >> Architecture mailing list >> Architecture@wso2.org >> <javascript:_e(%7B%7D,'cvml','Architecture@wso2.org');> >> https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture >> >> > -- *A.Farasath Ahamed* Software Engineer | WSO2 Inc. Mobile: +94 777 603 866 Blog: blog.farazath.com E-Mail: mefaraz...@gmail.com
_______________________________________________ Architecture mailing list Architecture@wso2.org https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture