/oauth/forgot_password_native

This endpoint is used to trigger an email that includes a link with a one-time authorization code a user can click to set a new password. The destination URL for this link is configured in the password_recover_url setting for the API client used to make this call.

If you are not utilizing the Janrain JavaScript widget at this URL, you will need to use the oauth/token call to consume the authorization code and exchange it for an access token. You must use the same API client when making the oauth/forgot_password_native call to generate the code and when making the oauth/token call to consume it. If successful, you can proceed to use the oauth/update_profile_native call to update the user's password. If unsuccessful, this API can be used again to resend an email with a new code.

Note. This must be a POST request with all parameters included in the body of the request; they cannot be passed as URL parameters.

Use this link for a video demo in Postman.

This endpoint includes the following methods:

  • POST

POST

Base URL

The base URL for this endpoint is your Janrain Capture domain; for example:

https://educationcenter.us-dev.janraincapture.com

Your Capture domains (also known as Registration domains) can be found in the Janrain Console on the Manage Application page:

Examples

Example: Trigger Forgot Password Email


  curl -X POST \
    --data-urlencode 'client_id=12345abcde12345abcde12345abcde12'\
    --data-urlencode 'flow=standard'\
    --data-urlencode 'flow_version=67890def-6789-defg-6789-67890defgh67'\
    --data-urlencode 'locale=en-US'\
    --data-urlencode 'redirect_uri=http://localhost'\
    --data-urlencode 'form=forgotPasswordForm'\
    --data-urlencode 'signInEmailAddress=johndoe@example.com'\
    'https://my-app.janraincapture.com/oauth/forgot_password_native'
                                                            

Running Code Samples Using Postman

The Janrain REST API code samples are written using Curl, but they can easily be run from within Postman. To use one of our code samples in Postman:

  1. Click the Copy to Clipboard button located directly beneath the code sample
  2. In Postman, click Import to display the Import dialog box.
  3. In the Import dialog box, click Paste Raw Text, and then paste in the copied code. The Import dialog box should look similar to this:

  4. Click Import, and the Curl command will be converted to a format that can be run from within Postman. All you need to do now is configure the command to work with your Janrain implementation.

Authorized Clients

login_client

Security

  •  none-required

Query Parameters

Parameter Type Required Description
client_id string Yes API client ID used to authenticate the call. This client must be configured with the login_client feature, which gives it permission to use login and registration-based API endpoints. API client permissions may be configured by using the sclients/set_features endpoint.
 
flow string Yes Name of the flow configured with the login experience you want to use. This parameter corresponds to the janrain.settings.capture.flowName JavaScript setting used in widget- based implementations. The default flow provisioned with Registration applications is named the standard flow; if you have multiple flows, you can find a list of valid flow names using the Configuration API. You may cb this parameter if you configure the flow name in the default_flow_name setting for the API client used to make this call.
 
flow_version string Yes Version number of the flow set in the flow parameter. This parameter corresponds to the janrain.settings.capture.flowVersion JavaScript setting used in widget-based implementations; however, this call will not accept a version of HEAD. Instead, you must specify the version number if you want to use the most recent version. You can find a list of versions for your flow using the Configuration API. This parameter can be omitted if you you configure the flow version in the default_flow_version setting for the API client used to make this call.
 
form string Yes Name of the form to be used to for generating the password reset email. This parameter determines the field names that must be included when submitting this API call. The default form name for password reset configured for the standard flow is forgotPasswordForm, but you can find a list of valid forms and associated fields for your flow using the Configuration API. This form name corresponds to the name of the JTL tag used for the associated form in widget-based implementations (for example, {* #forgotPasswordForm *}).
(form fields) string Yes Name of the field used to generate the password reset email. You will use the field name as the key and the user input as the value for this parameter. The default forgotPasswordForm configured for the standard flow uses the field signInEmailAddress. You can find a list of valid fields and associated forms for your flow using the Configuration API. This field name corresponds to the JTL tag used for the email field in your forgot password form in widget-based implementations.
 
locale string Yes Code for the language you want to use for the login experience. This determines the language for any error messages returned to you and the reset password emails sent to users. This parameter corresponds to the janrain.settings.language JavaScript setting used in widget-based implementations. The default locale provisioned with the standard Registration flow is en-US;other locales must be configured in your flow. You can find a list of valid locales for your flow using the Configuration API.
redirect_uri string Yes Must match the value configured for the password_recover_url setting for the API client used to make this call. This parameter corresponds to the janrain.settings.capture.redirectUri JavaScript setting used in widget-based implementations.
 

Responses

200 OK

Successful Response

A successful call will return the simple response below:


{
  "stat": "ok"
}
                                                            

Error - Email Does Not Exist

The example error response below indicates that the email address submitted is not registered, so no email will be sent. The invalid_fields object will include a localized error message from the flow.


{
  "stat": "error",
  "code": 212,
  "error_description": "some inputs are invalid",
  "error": "no_such_account",
  "request_id": "hyhrbds6f4ws4vav",
  "invalid_fields": {
    "forgotPasswordForm": [
      "No account with that email address exists."
    ]
  }
}
                                                            

Error - Field Validation Errors

The example error response below indicates that the email address submitted is registered for an account that has no password, usually because it was created with a social identity. No email will be sent in this case. The message attribute will include a localized error message from the flow. Your flow may be configured to bypass this error and send the email if desired.


{
  "stat": "error",
  "code": 540,
  "error_description": "an error was triggered in the flow",
  "error": "triggered_error",
  "request_id": "rspc2skdu7arex82",
  "message": "That account is social signin only."
}
                                                            

Error - Invalid Form

The example error response below indicates that the form value is not valid for the flow included in the call. Form names are case-sensitive, so forgotpasswordform would fail if forgotPasswordForm is the valid form name.


{
  "stat": "error",
  "code": 200,
  "error_description": "no such form 'forgotpasswordform'",
  "error": "invalid_argument",
  "request_id": "rdfbsavfvzb2sxud"
}
                                                            

Error - Missing Required Parameters

The example error response below indicates that one of the required parameters for the call was not included. The error message will describe which parameter is missing.


{
  "stat": "error",
  "code": 100,
  "error_description": "missing arguments: flow",
  "error": "missing_argument",
  "request_id": "uyeem84bmqmnjuu4"
}
                                                            

Error - Invalid Flow Value

The example error response below indicates that the value provided for one or more of the flow, flow_version, or locale parameters is invalid. Flow versions are unique across environments, so check that the version value included in the call is for the correct environment (that is, your development or production application).


{
  "stat": "error",
  "code": 500,
  "error_description": "could not find a flow named 'standard' with version '12345abc-1234-abcd-1234-12345abcde12' and locale 'en-US'",
  "error": "unexpected_error",
  "request_id": "murynd7fhpysq6um"
}
                                                            

Error - Invalid API Client Permissions

The example error response below indicates that the API client used to make the call is not configured with the login_client feature.


{
  "stat": "error",
  "code": 403,
  "error_description": "This client does not support log in and registration.",
  "error": "permission_error",
  "request_id": "y3sthb9dey6mv65e"
}