This documentation is for WSO2 Identity Server 5.0.0. View documentation for the latest release.
Page Comparison - Recovery with Notification (v.14 vs v.15) - Identity Server 5.0.0 - WSO2 Documentation

Versions Compared


  • This line was added.
  • This line was removed.
  • Formatting was changed.


The flow of password recovery by email notification is as follows using the WSDL file (https://localhost:9443/services/UserInformationRecoveryService?wsdl). First :

  • First you need to get the captcha using the getCaptcha() method. 
  • The captcha details returned should be passed along with the visible captcha answer and user name to verifyUser() which is for user verification. 
  • Upon successful verification, it will return a code.


  • Next, you need to call the sendRecoveryNotification() method to send the notification along with the code to the user. 
  • The generated email with the password reset link will be emailed to the user. 
  • Once the user clicks the reset link, the user should be directed to another captcha page for verification by calling getCaptcha(). 
  • The confirmation code must be verified along with the captcha answer by calling verifyConfirmationCode(). 
  • This will generate another code that must be passed to the updatePassword() method to update the password.

Tip: You can


see this scenario in action using this sample. Follow the “I forgot my password” link to see the demo.