Tuesday, June 22, 2010

Retrieving Forgotten Password

In most present-day systems the password is stored only after applying a one-way hash function such as MD5 or SHA1. In such cases it becomes impossible for the system to tell the user the password (even after a security check such as asking the answer to a security question chosen by the user at registration time), because the system itself does not know the password. The password can then only be updated by the user. The update password procedure can be completed in the following two steps, and the system providing access to the user base (User Base Management System, UBMS) has to provide two APIs for them.
  • Creation of security token:

The security token will be used to validate that only the authenticated user is asking for a new password. The security token is generated by the UBMS, which provides APIs for secured access to the central repository.
  • Calling change password functionality:

The security token generated in the first step will be passed along with the new password to the system. The UBMS validates the security token to find out whether the request is coming from the authorized user.

The update process can be completed in the following steps:
1. The application will call the token generation functionality:

public String generateToken(String emailId)
The API returns the authToken, which is the authority token for this request.
2. The token will be mailed to the user in a link (to the change password page at the application end).
3. The user will click on the link, fill in the email id and new password, and submit the form.
4. The application will call the change password API provided by the UBMS:

public boolean changePassword(String newPassword, String authToken)
The authToken parameter value should be the same as the token returned in step 1.
5. The UBMS will change the password after validating the authToken and return a true/false status based on the validation.
6. The result will be used at the application end for redirecting the user accordingly.
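The six steps above, as an added example written for this post rather than the UBMS code the author describes: a small Java class exposing the two APIs with the signatures given in the text. Everything except generateToken and changePassword (the class name, registerUser, verifyPassword, TOKEN_LIFETIME and the in-memory maps standing in for the central repository) is an assumption, as is the 30-minute token lifetime. The token is random, stored only as a SHA-256 digest, single-use, time-limited and bound to the email it was issued for, so the UBMS can tell from the token alone which user's password to change. Passwords are kept as salted SHA-256 here only to stay within the JDK; a production system would use a password-specific KDF.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.time.Duration;
import java.time.Instant;
import java.util.Base64;
import java.util.HashMap;
import java.util.Map;

/** Illustrative UBMS with the two APIs from the post; in-memory maps stand in for the central repository. */
public class UserBaseManagementSystem {

    /** A pending reset token: the user it was issued to and when it expires (assumed policy). */
    private static final class PendingToken {
        final String emailId;
        final Instant expiresAt;
        PendingToken(String emailId, Instant expiresAt) { this.emailId = emailId; this.expiresAt = expiresAt; }
    }

    private static final Duration TOKEN_LIFETIME = Duration.ofMinutes(30); // assumed policy value
    private final SecureRandom random = new SecureRandom();
    // emailId -> "salt:hash" of the password (the central repository in the post)
    private final Map<String, String> passwordStore = new HashMap<>();
    // sha256(authToken) -> pending token; only a digest is stored so a leaked table cannot be replayed
    private final Map<String, PendingToken> pendingTokens = new HashMap<>();

    public void registerUser(String emailId, String password) {
        passwordStore.put(emailId, saltedHash(password));
    }

    /** Step 1: create the security token that will be mailed to the user. */
    public String generateToken(String emailId) {
        String token = randomToken();
        if (passwordStore.containsKey(emailId)) {
            pendingTokens.put(sha256(token), new PendingToken(emailId, Instant.now().plus(TOKEN_LIFETIME)));
        }
        // Unknown emails get an unusable token so the response does not reveal which accounts exist.
        return token;
    }

    /** Steps 4-5: validate the token, then replace the password and report the result. */
    public boolean changePassword(String newPassword, String authToken) {
        if (authToken == null || newPassword == null || newPassword.isEmpty()) {
            return false;
        }
        // remove() makes the token single-use: submitting the same link twice fails the second time
        PendingToken pending = pendingTokens.remove(sha256(authToken));
        if (pending == null || Instant.now().isAfter(pending.expiresAt)) {
            return false;
        }
        passwordStore.put(pending.emailId, saltedHash(newPassword));
        return true;
    }

    /** Login-side check, added so the example can show that the reset took effect. */
    public boolean verifyPassword(String emailId, String password) {
        String stored = passwordStore.get(emailId);
        if (stored == null) {
            return false;
        }
        String salt = stored.substring(0, stored.indexOf(':'));
        byte[] expected = (salt + ":" + sha256(salt + password)).getBytes(StandardCharsets.UTF_8);
        return MessageDigest.isEqual(stored.getBytes(StandardCharsets.UTF_8), expected); // constant-time compare
    }

    private String randomToken() {
        byte[] buf = new byte[32]; // 256 bits from SecureRandom; never derived from the email or the clock
        random.nextBytes(buf);
        return Base64.getUrlEncoder().withoutPadding().encodeToString(buf);
    }

    private String saltedHash(String password) {
        String salt = randomToken();
        return salt + ":" + sha256(salt + password);
    }

    private static String sha256(String input) {
        try {
            MessageDigest md = MessageDigest.getInstance("SHA-256");
            return Base64.getEncoder().encodeToString(md.digest(input.getBytes(StandardCharsets.UTF_8)));
        } catch (NoSuchAlgorithmException e) {
            throw new IllegalStateException(e); // SHA-256 is mandatory in every JDK
        }
    }

    public static void main(String[] args) {
        UserBaseManagementSystem ubms = new UserBaseManagementSystem();
        ubms.registerUser("alice@example.com", "old-secret");       // constructed sample user
        String token = ubms.generateToken("alice@example.com");    // step 1
        boolean changed = ubms.changePassword("new-secret", token); // steps 4-5 via the mailed link
        boolean replayed = ubms.changePassword("other", token);     // same link submitted again
        System.out.println("changed=" + changed + ", replayed=" + replayed
                + ", loginWithNew=" + ubms.verifyPassword("alice@example.com", "new-secret"));
    }
}
```

Running main resets the sample user's password through the mailed token and then shows the same token being rejected on a second submission. Because changePassword takes no emailId, the application end should also check in step 3 that the email the user typed matches the account the token was issued for, so that the token alone is never the whole proof of identity.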
