- getCaptcha() - Generates a captcha.
- verifyUser() - Validates the captcha answer and username and returns a new key.
- getUserChallengeQuestionIds() - Retrieve the cliam URI IDs specified for the user with the generated key. Need to provide the key from the previous call.
- getUserChallengeQuestion() - Retrieve the user’s challenge question for the specified claim URI ID from the previous call. Need to provide the key from the previous call.
- verifyUserChallengeAnswer() - Validates the answer and confirmation code for the specified question. Need to provide the key from the previous call.
- updatePassword() - Updates the password in the system. Need to provide the key from the previous call, the new password and return the status of the update, i.e. true or false.
The following flow demonstrates how the password recovery flow should be used for the two challenge questions as follows:
- Get the captcha using the
getCaptcha()operation and provide the captcha details with the username to the
- You will receive a code with the call.
- After the verification, you can get the challenge question IDs using the
getUserChallengeQuestionIds()operation, which returns the defined claim URIs along with a code.
- Retrieve the question for the user with the
getUserChallengeQuestion()operation using the code you received.
- You can define two steps to answer the challenge questions in your web application in order to maximize security.
verifyUserChallengeAnswer()operation is used to verify a particular answer for a question. If both answers are correct, you can call the
updatePassword()operation to change the user password.