On Mon, Dec 4, 2017 at 6:54 AM, Indunil Upeksha Rathnayake <indu...@wso2.com > wrote:
> Hi,
>
> With IS 5.3.0, we have currently provided a REST API for resending
> confirmation code (refer [1]), which supports only the self signup feature.
> So that, we are planning to provide a more generic REST API and an OSGi
> service, for resending confirmation code for any scenario.
>
> Following are the scenarios, currently where we are sending confirmation
> emails in IS.
>
>    - *Password Reset* - password recovery using email-based notifications
>    - *Account Confirmation* - email confirmation on user self registration
>    - *Ask Password* - ask password from user through confirmation email
>    - *Admin Forced Password Reset* - admin to trigger a password reset for
>    a given user account
>    - *Admin Forced Password Reset With OTP* - admin sends an email to the
>    user with a one time password that the user can use to login once to the
>    account, after which the user will be prompted to set a new password
>    - *Email Confirmation* - account confirmation through email
>    notification
>
> In there, the confirmation emails get expired after a configured time
> period in order to make the accounts secure. After the expiration, we may
> need to resend the confirmation emails.
>
> So with this implementation, when we request for resending confirmation
> code, the previously issued code (even though it's still not expired) should
> get expired and the new confirmation code should be considered as active. So
> that in any scenario, if a user is requesting to use an expired
> confirmation code, we need to redirect the user to an error page
> mentioning the use of an expired confirmation link.
>
> In case of user self registration, if a request has been made for resending
> the confirmation link after an account activation, I think it should be handled
> in the self registration API (currently the Re-Send button to resend the
> confirmation link will appear in the login page, when we try to login
> to an unverified account). We may not need to consider it when resending
> the confirmation code. WDYT?

So, generally, when resending, it should verify the user email address; isn't that the case here? Generally, you will not re-send confirmation code for unverified accounts.

> Other than that, I think we can consider the following scenarios as further
> improvements. WDYT?
>
>    - In case of a forgery, we may need to expire the confirmation link
>    manually before the configured time (without resending the confirmation
>    link).

How to filter out the facts? You mean managing UI per inactive confirmation links? Then selectively disabling? Anyway, yeah, this looks to be a good initiative to have anyway.

>    - Currently for resending confirmation email for user self
>    registration, we have provided support in the login page where the user can
>    request to resend the confirmation link (we have not added this to the
>    documentation, created a doc jira in [2]). In order to resend the
>    confirmation emails from admin (or a user with the required permissions), we
>    can provide support in management console to:

+1

>       - select the user(s) to whom we need to resend the activation email

users/s, how many users at once? Don't you think it may get complicated when the user store is large and if the selection gets larger?

>       - select a role, to send confirmation emails to a group of users -
>       here we may need to automatically skip over users who have already
>       activated their accounts in case of self registration

Would be appropriate to send email to a user group rather than an individual IMO, or maybe users who are in a certain group as you have specified; that may be more practical (I'm thinking larger user store).

> Appreciate your ideas and comments on this.
>
> [1] https://github.com/wso2-extensions/identity-governance/blob/master/components/org.wso2.carbon.identity.user.endpoint/src/main/java/org/wso2/carbon/identity/user/endpoint/impl/ResendCodeApiServiceImpl.java
> [2] https://wso2.org/jira/browse/DOCUMENTATION-7189
>
> Thanks and Regards
>
> --
> Indunil Upeksha Rathnayake
> Software Engineer | WSO2 Inc
> Email    indu...@wso2.com
> Mobile   0772182255

--
Dushan Abeyruwan | Architect
Technical Support, MV
PMC Member Apache Synapse
WSO2 Inc. http://wso2.com/
Blog: http://www.dushantech.com/
LinkedIn: https://www.linkedin.com/in/dushanabeyruwan
Mobile: (001)408-791-9312
_______________________________________________
Architecture mailing list
Architecture@wso2.org
https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
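
The resend behaviour proposed in the quoted message (a resend expires the earlier code even if it has not timed out, a code can be expired manually, and an expired code leads to the expired-link error), as an added Python example. It is not WSO2 Identity Server code; the class, method and scenario names are hypothetical, and the store is in-memory only.

```python
import hashlib
import secrets
import time


class ConfirmationCodeStore:
    """One active code per (user, scenario); all names here are hypothetical."""

    def __init__(self, ttl_seconds, clock=time.time):
        self.ttl = ttl_seconds
        self.clock = clock      # injectable so expiry can be exercised in tests
        self._records = {}      # sha256(code) -> record; the plaintext code is never stored
        self._active = {}       # (user, scenario) -> sha256 of the current code

    @staticmethod
    def _digest(code):
        return hashlib.sha256(code.encode("utf-8")).hexdigest()

    def revoke(self, user, scenario):
        """Expire the active code before its configured time, without resending."""
        digest = self._active.pop((user, scenario), None)
        if digest is None:
            return False
        self._records[digest]["state"] = "revoked"
        return True

    def issue(self, user, scenario):
        """First send and resend share this path: the earlier code is expired
        even if it is still inside its validity period."""
        self.revoke(user, scenario)
        code = secrets.token_urlsafe(32)
        digest = self._digest(code)
        self._records[digest] = {"user": user, "scenario": scenario,
                                 "expires_at": self.clock() + self.ttl,
                                 "state": "active"}
        self._active[(user, scenario)] = digest
        return code

    def confirm(self, user, scenario, code):
        """Return 'ok', 'expired' (caller shows the expired-link page) or 'invalid'."""
        record = self._records.get(self._digest(code))
        if record is None or (record["user"], record["scenario"]) != (user, scenario):
            return "invalid"
        if record["state"] != "active" or self.clock() >= record["expires_at"]:
            return "expired"
        record["state"] = "used"    # single use: a replayed link is reported as expired
        del self._active[(user, scenario)]
        return "ok"
```

Binding each code to its scenario means a code issued for one flow (for example password reset) is rejected as invalid if presented to another.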