Adrian Crum wrote: > I don't agree that emailing forgotten passwords is like the Webtools > application. As you have discovered, emailing forgotten passwords > entails some decision making, looking up information in various > entities, selecting and rendering an email body template, etc. From my > perspective, all of those things are outside the scope of the framework.
I agree. It is easy to imagine that some applications would not allow a password to be reset via email. It might be that the application uses biometrics, cryptographic signatures or who knows what. The framework authentication stubs should accommodate a diversity of approaches. One major question is whether framework, on its own, should even be runnable as an application. In my opinion, it is a library, not an app and doesn't need to be operational on its own.