Reset a password
The /oauth/forgot_password_native operation triggers the Registration system to send an email based on the configuration defined for the form used in the API call.
One constraint is specific to this API call: the code it generates must be used with a widget or /oauth/token API call that is configured with the same API client ID that was used to initiate the call.
1. Send reset password email
```php
$api_call = '/oauth/forgot_password_native';
$params = array(
    'client_id'    => JANRAIN_LOGIN_CLIENT_ID,
    'flow'         => JANRAIN_FLOW_NAME,
    'flow_version' => JANRAIN_FLOW_VERSION,
    'locale'       => 'en-US',
    // page where the user is sent
    'redirect_uri' => PASSWORD_RECOVER_URL,
    // the name of your forgot-password form as defined in the flow file
    'form'         => 'forgotPasswordForm',
    // required field from forgotPasswordForm
    'signInEmailAddress' => $_POST['email']
);
$curl = curl_init();
curl_setopt($curl, CURLOPT_URL, JANRAIN_CAPTURE_URL . $api_call);
curl_setopt($curl, CURLOPT_POST, true);
curl_setopt($curl, CURLOPT_RETURNTRANSFER, true);
curl_setopt($curl, CURLOPT_POSTFIELDS, http_build_query($params));
$api_response = json_decode(curl_exec($curl));
curl_close($curl);
```
Response | Outcome / Next Step |
---|---|
Success (ok) | Password recover email is sent to user. |
No account found with that email address (no_such_account) | Provide a resolution path for this error. |
Account is social only (If applicable; depends on your flow configuration) | Provide a resolution path for this error. |
2. Retrieve the authorization code
Parse the authorization code from the password_recover_url.
3. Exchange the authorization code for an access token
Use the /oauth/token call. This should be done server-side.
```php
$api_call = '/oauth/token';
$params = array(
    'client_id'     => JANRAIN_LOGIN_CLIENT_ID,
    // client secret which pairs with the client id above
    'client_secret' => JANRAIN_LOGIN_CLIENT_SECRET,
    // page where the user is sent
    'redirect_uri'  => PASSWORD_RECOVER_URL,
    'grant_type'    => 'authorization_code',
    // authorization code parsed from password_recover_url
    'code'          => $_GET['code']
);
$curl = curl_init();
curl_setopt($curl, CURLOPT_URL, JANRAIN_CAPTURE_URL . $api_call);
curl_setopt($curl, CURLOPT_POST, true);
curl_setopt($curl, CURLOPT_RETURNTRANSFER, true);
curl_setopt($curl, CURLOPT_POSTFIELDS, http_build_query($params));
$api_response = json_decode(curl_exec($curl));
curl_close($curl);
// Keep the access token for the change-password step. Step 4 reads it from
// $_SESSION['access_token'], so store it in the server-side session
// (session_start() must already have been called on this page).
// isset() guards against a failed request, where json_decode() returns null.
if (isset($api_response->stat) && $api_response->stat == "ok") {
    $_SESSION['access_token'] = $api_response->access_token;
}
```
Response | Outcome / Next Step |
---|---|
Success (ok) | Access token is returned, continue to next step. |
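One way to harden steps 2 and 3, as an added example that is not part of the original documentation: it validates the `code` query parameter before use, restricts the request to HTTPS, and returns a token only when the response is a well-formed `ok`. The helper names `janrain_post` and `exchange_reset_code`, the 512-byte bound, the placeholder constant values and the stub response are assumptions made for illustration.

```php
<?php
// Added example, not Janrain's code. Placeholder settings; replace with your own.
defined('JANRAIN_CAPTURE_URL') || define('JANRAIN_CAPTURE_URL', 'https://capture.example.invalid');
defined('JANRAIN_LOGIN_CLIENT_ID') || define('JANRAIN_LOGIN_CLIENT_ID', 'placeholder-client-id');
defined('JANRAIN_LOGIN_CLIENT_SECRET') || define('JANRAIN_LOGIN_CLIENT_SECRET', 'placeholder-secret');
defined('PASSWORD_RECOVER_URL') || define('PASSWORD_RECOVER_URL', 'https://www.example.invalid/recover');

// Hypothetical helper: POST to a Registration endpoint. Returns the decoded
// JSON object, or null on any transport or parse failure.
function janrain_post(string $api_call, array $params): ?object
{
    $curl = curl_init(JANRAIN_CAPTURE_URL . $api_call);
    curl_setopt_array($curl, [
        CURLOPT_POST           => true,
        CURLOPT_RETURNTRANSFER => true,
        CURLOPT_POSTFIELDS     => http_build_query($params),
        CURLOPT_TIMEOUT        => 10,
        CURLOPT_PROTOCOLS      => CURLPROTO_HTTPS, // the body carries client_secret
    ]);
    $body = curl_exec($curl);
    $decoded = is_string($body) ? json_decode($body) : null;
    return is_object($decoded) ? $decoded : null;
}

// Hypothetical helper for steps 2-3. $query is the redirect's query string
// ($_GET in production); $post lets a test supply a stub transport.
function exchange_reset_code(array $query, ?callable $post = null): ?string
{
    $code = $query['code'] ?? null;
    // Reject ?code[]=x, empty and oversized values (512 is an assumed bound).
    if (!is_string($code) || $code === '' || strlen($code) > 512) {
        return null;
    }
    $response = ($post ?? 'janrain_post')('/oauth/token', [
        'client_id'     => JANRAIN_LOGIN_CLIENT_ID,
        'client_secret' => JANRAIN_LOGIN_CLIENT_SECRET,
        'redirect_uri'  => PASSWORD_RECOVER_URL,
        'grant_type'    => 'authorization_code',
        'code'          => $code,
    ]);
    $token = is_object($response) && ($response->stat ?? null) === 'ok'
        ? ($response->access_token ?? null) : null;
    return is_string($token) && $token !== '' ? $token : null;
}

// Constructed stub response standing in for the live API.
$stub = fn(string $path, array $params) => (object) ['stat' => 'ok', 'access_token' => 'constructed-token'];
var_dump(exchange_reset_code(['code' => 'constructed-code'], $stub));
var_dump(exchange_reset_code(['code' => ['x']], $stub));
var_dump(exchange_reset_code([], $stub));
```

On the PASSWORD_RECOVER_URL page, call `exchange_reset_code($_GET)` after `session_start()` and store a non-null result in `$_SESSION['access_token']`, which is where step 4 reads the token from.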
4. Reset the password
Use the /oauth/update_profile_native call to submit a new password using the changePasswordFormNoAuth form (Note: this is the default form name in the standard configuration).
```php
$api_call = '/oauth/update_profile_native';
$params = array(
    'client_id'    => JANRAIN_LOGIN_CLIENT_ID,
    'flow'         => JANRAIN_FLOW_NAME,
    'flow_version' => JANRAIN_FLOW_VERSION,
    'access_token' => $_SESSION['access_token'],
    'locale'       => 'en-US',
    'form'         => 'changePasswordFormNoAuth',
    // required fields from changePasswordFormNoAuth form
    'newPassword'        => $_POST['new_password'],
    'newPasswordConfirm' => $_POST['confirm_password']
);
$curl = curl_init();
curl_setopt($curl, CURLOPT_URL, JANRAIN_CAPTURE_URL . $api_call);
curl_setopt($curl, CURLOPT_POST, true);
curl_setopt($curl, CURLOPT_RETURNTRANSFER, true);
curl_setopt($curl, CURLOPT_POSTFIELDS, http_build_query($params));
$api_response = json_decode(curl_exec($curl));
curl_close($curl);
```