Forgot Password

The oauth/forgot_password_native endpoint will trigger the Registration system to send an email based on the configuration defined for the form used in the API call.

A unique constraint of this API call is that the code that is generated must be used with a widget or oauth/token API call that is configured with the same API Client ID that was used to initiate the API call.

1. Send reset password email


$api_call= '/oauth/forgot_password_native';
$params= array(
    'client_id'=> JANRAIN_LOGIN_CLIENT_ID,
    'flow'=> JANRAIN_FLOW_NAME,
    'flow_version'=> JANRAIN_FLOW_VERSION,
    'locale'=> 'en-US',
    // page where the user is sent
    'redirect_uri'=> PASSWORD_RECOVER_URL,
    // the name of your forgot-password form as defined in the flow file
    'form'=> 'forgotPasswordForm',
    // required field from forgotPasswordForm
    'signInEmailAddress'=> $_POST['email']
);
$curl= curl_init();
curl_setopt($curl,CURLOPT_URL,JANRAIN_CAPTURE_URL.$api_call);
curl_setopt($curl,CURLOPT_POST,true);
curl_setopt($curl,CURLOPT_RETURNTRANSFER,true);
curl_setopt($curl,CURLOPT_POSTFIELDS,http_build_query($params));
$api_response= json_decode(curl_exec($curl));
curl_close($curl);

Response

Outcome / Next Step

Success (ok)

Password recover email is sent to user

No account found with that email address (no_such_account)

Provide a resolution path for this error

Account is social only (If applicable; depends on your flow configuration)

Provide a resolution path for this error

2. Retrieve the authorization code

Parse the authorization code from the password_recover_url.

3. Exchange the authorization code for an access token

Via the oauth/token call. This should be done server-side.


$api_call= '/oauth/token';
$params= array(
    'client_id'=> JANRAIN_LOGIN_CLIENT_ID,
    // client secret which pairs with the client id above
    'client_secret'=> JANRAIN_LOGIN_CLIENT_SECRET,
    // page where the user is sent
    'redirect_uri'=> PASSWORD_RECOVER_URL,
    'grant_type'=> 'authorization_code',
    // authorization code parsed from password_recover_url
    'code'=> $_GET['code']
);
$curl= curl_init();
curl_setopt($curl,CURLOPT_URL,JANRAIN_CAPTURE_URL.$api_call);
curl_setopt($curl,CURLOPT_POST,true);
curl_setopt($curl,CURLOPT_RETURNTRANSFER,true);
curl_setopt($curl,CURLOPT_POSTFIELDS,http_build_query($params));
$api_response= json_decode(curl_exec($curl));
curl_close($curl);
// Store the access token in a variable so that it can be added to the
// change password form as a hidden form element.
if($api_response->stat== "ok"){
    $access_token= $api_response->access_token;
}

Response

Outcome / Next Step

Success (ok)

Access token is returned, continue to next step

4. Reset the password

Use the oauth/update_profile_native call to submit a new password using the changePasswordFormNoAuth form (Note: this is the default form name in the standard configuration).


$api_call= '/oauth/update_profile_native';
$params= array(
    'client_id'=> JANRAIN_LOGIN_CLIENT_ID,
    'flow'=> JANRAIN_FLOW_NAME,
    'flow_version'=> JANRAIN_FLOW_VERSION,
    'access_token'=> $_SESSION['access_token'],
    'locale'=> 'en-US',
    'form'=> 'changePasswordFormNoAuth',
    // required fields from changePasswordFormNoAuth form
    'newPassword'=> $_POST['new_password'],
    'newPasswordConfirm'=> $_POST['confirm_password']
);
$curl= curl_init();
curl_setopt($curl,CURLOPT_URL,JANRAIN_CAPTURE_URL.$api_call);
curl_setopt($curl,CURLOPT_POST,true);
curl_setopt($curl,CURLOPT_RETURNTRANSFER,true);
curl_setopt($curl,CURLOPT_POSTFIELDS,http_build_query($params));
$api_response= json_decode(curl_exec($curl));
curl_close($curl);