@robotdan
Thanks for the reply. This was very helpful!
This allowed me to get much further, but now I'm running into a separate issue completing the flow. When I provide the trust token to the POST /api/user/change-password, it is still giving me the [TrustTokenRequired] error code — the same one you have in your message. I'm not sure what I'm doing wrong. Here is the full flow that I'm doing:
POST /api/two-factor/start
POST /api/two-factor/login
POST /api/user/change-password
Note: The version I'm updating to is 1.35.0, two versions after the Change Password API changed.
Two-factor Start
POST /api/two-factor/start
Headers
{
  "Authorization": "API_KEY",
  "Accept": "application/json"
}
Body
{
  "loginId": "testemail@test.com"
}
Response 200
{
  "code": "CODE",
  "methods": [
    {
      "authenticator": {
        "algorithm": "HmacSHA1",
        "codeLength": 6,
        "timeStep": 30
      },
      "id": "METHOD_ID",
      "method": "authenticator"
    }
  ],
  "twoFactorId": "TWO_FACTOR_ID"
}
Two-factor Login
POST /api/two-factor/login
Headers
{
  "Authorization": "API_KEY",
  "Accept": "application/json"
}
Body
{
  "code": "CODE",
  "twoFactorId": "TWO_FACTOR_ID"
}
Response 200
{
  "token": "TOKEN",
  "tokenExpirationInstant": TOKEN_EXPIRATION_INSTANT,
  "trustToken": "TRUST_TOKEN",
  "user": {
    "active": true,
    "connectorId": "CONNECTOR_ID",
    "data": {
      "companyId": "COMPANY_ID"
    },
    "email": "EMAIL",
    "firstName": "FIRST_NAME",
    "id": "ID",
    "insertInstant": INSERT_INSTANCE,
    "lastLoginInstant": LAST_LOGIN_INSTANCE,
    "lastName": "LAST_NAME",
    "lastUpdateInstant": LAST_UPDATE_INSTANCE,
    "passwordChangeRequired": PASSWORD_CHANGE_REQUIRED,
    "passwordLastUpdateInstant": PASSWORD_LAST_UPDATE_INSTANT,
    "registrations": [
      {
        "applicationId": "APPLICATION_ID",
        "id": "ID",
        "insertInstant": INSERT_ID,
        "lastLoginInstant": LAST_LOGIN_INSTANT,
        "lastUpdateInstant": LAST_UPDATE_INSTANT,
        "roles": [
          "ROLE_NAME"
        ],
        "usernameStatus": "ACTIVE",
        "verified": true
      }
    ],
    "tenantId": "TENANT_ID",
    "twoFactor": {
      "methods": [
        {
          "authenticator": {
            "algorithm": "HmacSHA1",
            "codeLength": 6,
            "timeStep": 30
          },
          "id": "ID",
          "method": "authenticator"
        }
      ]
    },
    "usernameStatus": "ACTIVE",
    "verified": true
  }
}
Change Password
POST /api/user/change-password
Headers
{
  "Authorization": "API_KEY",
  "Accept": "application/json"
}
Body
The TRUST_TOKEN supplied is the one returned from the previous POST /api/two-factor/login call.
{
  "loginId": "testemail@test.com",
  "currentPassword": "CURRENT_PASSWORD",
  "password": "NEW_PASSWORD",
  "trustToken": "TRUST_TOKEN"
}
Response 400
{
  "generalErrors": [
    {
      "code": "[TrustTokenRequired]",
      "message": "This request requires a Trust Token. Use the Start Two-Factor API to obtain a Trust Token required to complete this request."
    }
  ]
}