On Mon, Dec 4, 2017 at 6:54 AM, Indunil Upeksha Rathnayake <indu...@wso2.com> wrote:

> Hi,
>
> With IS 5.3.0, we have currently provided a REST API for resending
> confirmation code (Refer [1]), which supports only the self signup feature.
> So we are planning to provide a more generic REST API and an OSGi
> service, for resending confirmation code for any scenario.
>
>
>
> Following are the scenarios, currently where we are sending confirmation
> emails in IS.
>
>    - *Password Reset* - password recovery using email-based notifications
>    - *Account Confirmation* - email confirmation on user self registration
>    - *Ask Password* - ask password from user through confirmation email
>    - *Admin Forced Password Reset* - admin to trigger a password reset for
>    a given user account
>    - *Admin Forced Password Reset With OTP* - admin sends an email to the
>    user with a one time password that the user can use to login once to the
>    account after which, the user will be prompted to set a new password
>    - *Email Confirmation* - account confirmation through email
>    notification
>
> In there, the confirmation emails get expired after a configured time
> period in order to make the accounts secure. After the expiration, we may
> need to resend the confirmation emails.
>
> So with this implementation, when we request resending of the confirmation
> code, the previously issued code (even though it's still not expired) should
> get expired and the new confirmation code should be considered as active. So
> in any scenario, if a user is requesting to use an expired
> confirmation code, we need to redirect the user to an error page
> mentioning the use of an expired confirmation link.
>
> In case of user self registration, if a request has been made for resending
> the confirmation link after an account activation, I think it should be handled
> in the self registration API (currently a Re-Send button to resend the
> confirmation link will appear in the login page, when we try to login
> to an unverified account). We may not need to consider it, when resending
> the confirmation code. WDYT?
>
So, generally, when resending, it should verify the user email address;
isn't that the case here? Generally, you will not re-send confirmation
code for unverified accounts.

>
>
>
> Other than that, I think we can consider following scenarios as further
> improvements. WDYT?
>
>    - In case of a forgery, we may need to expire the confirmation link,
>    manually before the configured time (without resending the confirmation
>    link).
>
How to filter out the facts? You mean managing UI per inactive
confirmation links? Then selectively disabling? Anyway, yeah, this looks to
be a good initiative to have anyway.

>
>    - Currently for resending confirmation email for user self
>    registration, we have provided support in the login page where user can
>    request to resend confirmation link (We have not added this to the
>    documentation, created a doc jira in [2]). In order to resend the
>    confirmation emails from admin (or a user with the required permissions), we
>    can provide support in management console to :
>
+1

>
>    - select the user(s) to whom we need to resend the activation email
>
users/s, how many users at once? Don't you think it may get complicated when
the user store is large and if the selection gets larger?

>
>    - select a role, to send confirmation emails to a group of users -
>       here we may need to automatically skip over users who have already
>       activated their accounts in case of self registration
>
Would be appropriate to send email to a user group rather than an individual IMO, or
maybe users who are in a certain group as you have specified; that may be more
practical (I'm thinking larger user store).

>
> Appreciate your ideas and comments on this.
>
> [1] https://github.com/wso2-extensions/identity-governance/blob/master/components/org.wso2.carbon.identity.user.endpoint/src/main/java/org/wso2/carbon/identity/user/endpoint/impl/ResendCodeApiServiceImpl.java
> [2] https://wso2.org/jira/browse/DOCUMENTATION-7189
>
> Thanks and Regards
>
> --
> Indunil Upeksha Rathnayake
> Software Engineer | WSO2 Inc
> Email    indu...@wso2.com
> Mobile   0772182255
>



-- 
Dushan Abeyruwan | Architect
Technical Support,MV
PMC Member Apache Synapse
WSO2 Inc. http://wso2.com/
Blog: http://www.dushantech.com/
LinkedIn: https://www.linkedin.com/in/dushanabeyruwan
Mobile:(001)408-791-9312
_______________________________________________
Architecture mailing list
Architecture@wso2.org
https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
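
The resend rule discussed in the thread (a resend invalidates the earlier code even if it has not expired, and any stale code gets the expired-link answer), as an added Java example that is not from the thread or from WSO2 Identity Server. The class, method and scenario names are hypothetical, and the store is in-memory with one active code per user and scenario.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.time.Duration;
import java.time.Instant;
import java.util.Base64;
import java.util.concurrent.ConcurrentHashMap;

// Added illustration (Java 16+), not WSO2 IS code; every name is hypothetical.
public class ConfirmationCodeStore {
    enum Result { CONFIRMED, EXPIRED }
    private record Entry(String code, Instant expiresAt) {}
    private final ConcurrentHashMap<String, Entry> active = new ConcurrentHashMap<>();
    private final SecureRandom random = new SecureRandom();
    private final Duration lifetime;

    ConfirmationCodeStore(Duration lifetime) { this.lifetime = lifetime; }

    // Issue or resend: put() replaces the entry for this user and scenario,
    // so the earlier code stops working even if its lifetime has not run out.
    String issue(String scenario, String user, Instant now) {
        byte[] raw = new byte[32];
        random.nextBytes(raw);
        String code = Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
        active.put(scenario + ":" + user, new Entry(code, now.plus(lifetime)));
        return code;
    }

    // Manual expiry without resending (the suspected-forgery case in the thread).
    void revoke(String scenario, String user) { active.remove(scenario + ":" + user); }

    // Superseded, revoked, timed-out and unknown codes all get the same EXPIRED answer.
    Result confirm(String scenario, String user, String code, Instant now) {
        String key = scenario + ":" + user;
        Entry e = active.get(key);
        boolean match = e != null && now.isBefore(e.expiresAt()) && MessageDigest.isEqual(
                e.code().getBytes(StandardCharsets.UTF_8), code.getBytes(StandardCharsets.UTF_8));
        // Single use: remove(key, e) succeeds for only one concurrent caller.
        return match && active.remove(key, e) ? Result.CONFIRMED : Result.EXPIRED;
    }

    public static void main(String[] args) {
        ConfirmationCodeStore store = new ConfirmationCodeStore(Duration.ofMinutes(30));
        Instant t0 = Instant.now();  // constructed sample timeline
        String first = store.issue("SELF_SIGNUP", "alice", t0);
        String resent = store.issue("SELF_SIGNUP", "alice", t0.plusSeconds(60));
        System.out.println(store.confirm("SELF_SIGNUP", "alice", first, t0.plusSeconds(90)));
        System.out.println(store.confirm("SELF_SIGNUP", "alice", resent, t0.plusSeconds(90)));
        System.out.println(store.confirm("SELF_SIGNUP", "alice", resent, t0.plusSeconds(95)));
    }
}
```

Returning one answer for superseded, revoked, timed-out and unknown codes keeps the error page from revealing whether a given code was ever issued.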
