Is it possible to implement a custom set password auth workflow?
-
Hi,
we are currently trying to leverage the API to build a more flexible and fitting Auth workflow for our needs.
We are already successful in creating a user and registering all the necessary applications with the necessary roles to the user. However, we would like to try and send an e-mail to the user for setting up the password which can be different from the one we set up in the Application configuration.
Initially we thought the send-email API would be enough. But we stumble on the following problem:
- It is necessary to have a setPasswordID and it seems that there is no way of setting up this id.
- On the default example email template provided by FusionAuth the placeholder says
http://localhost:9011/password/change/${changePasswordId}?tenantId=${user.tenantId}
which has "changePasswordId" instead of setPasswordId. Is this a typo or should I use the changePasswordId?
- I am not sure if changePasswordId is the same as setPasswordId since they have different timeout configurations.
Can anyone tell me if there is a way of generating such an ID? We want to be able to send different templates depending on the user and that is the only way I saw without creating different Applications or Tenants (which I def. wouldn't do)
I am very grateful for any help and/or explanations!
Best regards,
Frank
> We want to be able to send different templates depending on the user and that is the only way I saw without creating different Applications or Tenants

In this case, I would explore not using FusionAuth to send the emails. If you want more granularity than application, you can build your own.
- send the email yourself (you could manage the templates in FusionAuth if you want, and pull back the templates and build the email html/text) using a service like sendgrid, etc.
- Build a link to take the user to a custom page you build with their email address (remember to make sure to disallow spoofing)
- Use this API to change the password ("Changes a User’s password using an email address or username." ) https://fusionauth.io/docs/v1/tech/apis/users/#change-a-users-password
Of course, this means you have to handle password resets securely, but it gives you the flexibility you want.
Another option is to build the logic into your templates. You can pass in a `state` variable to the 'forgot password' API call ( https://fusionauth.io/docs/v1/tech/apis/users/#start-forgot-password-workflow ) and that state is available in the template. This state can be any JSON object, so you could pass the username, group the user is in, their favorite color, or anything else. Then, you can retrieve that state in the template and conditionally render items.

> Initially we thought the send-email API would be enough. But we stumble on the following problem:
> It is necessary to have a setPasswordID and it seems that there is no way of setting up this id.

I didn't see this `setPasswordID` variable referenced anywhere in the docs. Can you please give a link to where you saw it? The `changePasswordId` is used both to set the password the first time and to change it in the future.

HTH.
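
One way to make the custom-page link from the answer above resistant to spoofing, as an added example that is not part of the thread and not FusionAuth code: the email address is bound to an expiry and a nonce with an HMAC, and the server verifies the token before it calls the change-password API. The URL, key handling, lifetime and function names are all assumptions.

```python
import base64, hashlib, hmac, json, secrets, time
from urllib.parse import urlencode

# Assumptions (not from the thread): key handling, URL and lifetime are illustrative.
SECRET_KEY = secrets.token_bytes(32)  # in production, load from a secret store
BASE_URL = "https://app.example.com/set-password"  # hypothetical custom page
TTL_SECONDS = 3600
used_nonces = set()  # stand-in for a persistent store of redeemed tokens

def b64e(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64d(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign(payload):
    return b64e(hmac.new(SECRET_KEY, payload, hashlib.sha256).digest())

def build_link(email, now=None):
    """Return a link whose token binds the email, an expiry and a nonce."""
    now = time.time() if now is None else now
    payload = json.dumps({"email": email, "exp": int(now) + TTL_SECONDS,
                          "nonce": secrets.token_hex(16)}).encode()
    return BASE_URL + "?" + urlencode({"token": b64e(payload) + "." + sign(payload)})

def verify_token(token, now=None):
    """Return the email the token was issued for, or None if it must be rejected."""
    now = time.time() if now is None else now
    try:
        body, sig = token.split(".")
        payload = b64d(body)
        if not hmac.compare_digest(sig, sign(payload)):
            return None  # tampered or forged: the email cannot be swapped
        claims = json.loads(payload)
    except (ValueError, TypeError):
        return None  # malformed token
    if now >= claims["exp"] or claims["nonce"] in used_nonces:
        return None  # expired or already redeemed
    used_nonces.add(claims["nonce"])  # single use
    return claims["email"]
```

The email passed to the change-password call should be the value returned by `verify_token`, never one read from a form field or query parameter.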