Forgot Password

The oauth/forgot_password_native endpoint will trigger the Registration system to send an email based on the configuration defined for the form that was used in the API call.

Note that the authorization code generated by this API call must be used with a widget or an oauth/token API call that is configured with the same API client ID that was used to initiate the call.

1. Send reset password email

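// Step 1: ask the Registration service to send the password-reset email.
$api_call = '/oauth/forgot_password_native';

// Accept the address only when it arrived as a single string. A missing field
// or an array-valued field (email[]=...) becomes '' instead of being forwarded.
$email = (isset($_POST['email']) && is_string($_POST['email'])) ? $_POST['email'] : '';

$params = array(
    'client_id' => JANRAIN_LOGIN_CLIENT_ID,
    'flow' => JANRAIN_FLOW_NAME,
    'flow_version' => JANRAIN_FLOW_VERSION,
    'locale' => 'en-US',
    // page where the user is sent
    'redirect_uri' => PASSWORD_RECOVER_URL,
    // the name of your forgot-password form as defined in the flow file
    'form' => 'forgotPasswordForm',
    // required field from forgotPasswordForm
    'signInEmailAddress' => $email
);

$curl = curl_init();
curl_setopt_array($curl, array(
    CURLOPT_URL => JANRAIN_CAPTURE_URL . $api_call,
    CURLOPT_POST => true,
    CURLOPT_RETURNTRANSFER => true,
    CURLOPT_POSTFIELDS => http_build_query($params)
));

// curl_exec() returns false on a transport failure; passing that straight to
// json_decode() would hide the failure behind a null response.
$raw_response = curl_exec($curl);
if ($raw_response === false) {
    error_log('forgot_password_native request failed: ' . curl_error($curl));
}
curl_close($curl);

// Decoded JSON object, or null when the request failed or the body was not JSON.
$api_response = ($raw_response === false) ? null : json_decode($raw_response);

// True only when the service reported success in the same `stat` field that the
// oauth/token sample on this page checks.
$reset_email_sent = is_object($api_response)
    && isset($api_response->stat)
    && $api_response->stat == "ok";

// NOTE(review): a distinct on-screen message for an unknown address tells
// anyone submitting this form which addresses are registered. Showing the same
// confirmation for every outcome, and handling the difference server-side or
// in the email itself, avoids that.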
Response | Outcome / Next Step
Success (OK) | Password recovery email is sent to the user
No account found with that email address (no_such_account) | Provide a resolution path for this error
Account is social only (if applicable; depends on your flow configuration) | Provide a resolution path for this error

2. Retrieve the authorization code

Parse the authorization code from the query string of the password_recover_url (the sample in step 3 reads it from the code parameter).

3. Exchange the authorization code for an access token

Exchange the code via the oauth/token call. This should be done server-side, because the request carries the client secret.

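// Step 3: exchange the authorization code for an access token. Run this
// server-side only: the request carries the client secret.
$api_call = '/oauth/token';

// Defined up front so later code can test it even when the exchange fails.
$access_token = null;

// Accept the code only when it arrived as a single string. An empty value is
// forwarded as-is and the `stat` check below decides the outcome.
$code = (isset($_GET['code']) && is_string($_GET['code'])) ? $_GET['code'] : '';

$params = array(
    'client_id' => JANRAIN_LOGIN_CLIENT_ID,
    // client secret which pairs with the client id above
    'client_secret' => JANRAIN_LOGIN_CLIENT_SECRET,
    // page where the user is sent
    'redirect_uri' => PASSWORD_RECOVER_URL,
    'grant_type' => 'authorization_code',
    // authorization code parsed from password_recover_url
    'code' => $code
);

$curl = curl_init();
curl_setopt_array($curl, array(
    CURLOPT_URL => JANRAIN_CAPTURE_URL . $api_call,
    CURLOPT_POST => true,
    CURLOPT_RETURNTRANSFER => true,
    CURLOPT_POSTFIELDS => http_build_query($params)
));

// curl_exec() returns false on a transport failure. Log only the cURL error:
// $params holds the client secret and must not reach the log.
$raw_response = curl_exec($curl);
if ($raw_response === false) {
    error_log('oauth/token request failed: ' . curl_error($curl));
}
curl_close($curl);

// Decoded JSON object, or null when the request failed or the body was not JSON.
$api_response = ($raw_response === false) ? null : json_decode($raw_response);

if (is_object($api_response)
    && isset($api_response->stat, $api_response->access_token)
    && $api_response->stat == "ok") {
    $access_token = $api_response->access_token;

    // Step 4 on this page reads the token from $_SESSION['access_token'], so
    // keep it in the server-side session when one is active. Embedding it in a
    // hidden form field instead would put the token into page markup, where
    // cached pages or script running in the page can read it.
    if (isset($_SESSION)) {
        $_SESSION['access_token'] = $access_token;
    }
}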
Response | Outcome / Next Step
Success (OK) | Access token is returned; continue to the next step

4. Reset the password

Use the oauth/update_profile_native call to submit a new password using the changePasswordFormNoAuth form (Note: this is the default form name in the standard configuration).

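// Step 4: submit the new password with the access token obtained in step 3.
$api_call = '/oauth/update_profile_native';

// Read each input only when it is present as a single string; anything else
// becomes ''. The passwords are deliberately not trimmed or altered.
$session_token = (isset($_SESSION['access_token']) && is_string($_SESSION['access_token']))
    ? $_SESSION['access_token'] : '';
$new_password = (isset($_POST['new_password']) && is_string($_POST['new_password']))
    ? $_POST['new_password'] : '';
$confirm_password = (isset($_POST['confirm_password']) && is_string($_POST['confirm_password']))
    ? $_POST['confirm_password'] : '';

$params = array(
    'client_id' => JANRAIN_LOGIN_CLIENT_ID,
    'flow' => JANRAIN_FLOW_NAME,
    'flow_version' => JANRAIN_FLOW_VERSION,
    'access_token' => $session_token,
    'locale' => 'en-US',
    'form' => 'changePasswordFormNoAuth',
    // required fields from changePasswordFormNoAuth form
    'newPassword' => $new_password,
    'newPasswordConfirm' => $confirm_password
);

$curl = curl_init();
curl_setopt_array($curl, array(
    CURLOPT_URL => JANRAIN_CAPTURE_URL . $api_call,
    CURLOPT_POST => true,
    CURLOPT_RETURNTRANSFER => true,
    CURLOPT_POSTFIELDS => http_build_query($params)
));

// curl_exec() returns false on a transport failure. Log only the cURL error:
// $params holds the access token and the new password and must not be logged.
$raw_response = curl_exec($curl);
if ($raw_response === false) {
    error_log('update_profile_native request failed: ' . curl_error($curl));
}
curl_close($curl);

// Decoded JSON object, or null when the request failed or the body was not JSON.
$api_response = ($raw_response === false) ? null : json_decode($raw_response);

// True only when the service reported success in the same `stat` field that the
// oauth/token sample on this page checks.
$password_changed = is_object($api_response)
    && isset($api_response->stat)
    && $api_response->stat == "ok";

// NOTE(review): once the change has succeeded the token has served its purpose
// in this flow; consider removing it from the session so it cannot be replayed.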