mirror of
https://github.com/zitadel/zitadel.git
synced 2025-07-11 06:08:31 +00:00

* Modified quick start guide to reflect the new onboarding changes. * Modified titles to optimize indexing. Left thet titles in title case for now. * Added side bar labels and also made minor changes to titles. * Update docs/docs/apis/openidoauth/endpoints.mdx Co-authored-by: Fabi <fabienne@zitadel.com> --------- Co-authored-by: Fabi <fabienne@zitadel.com>
110 lines
3.4 KiB
Plaintext
110 lines
3.4 KiB
Plaintext
---
|
|
title: Password Reset/Change in ZITADEL
|
|
sidebar_label: Password Reset/Change
|
|
---
|
|
|
|
When your user is on the password screen and has forgotten his password you will probably want him to be able to reset by himself.
|
|
|
|
## Flow
|
|
|
|

|
|
|
|
## Request Password Reset
|
|
|
|
First you will have to make a request, to ask for a password reset.
|
|
The goal is to send the user a verification code, which he can use to verify the password reset request.
|
|
|
|
There are two possible ways: You can either let ZITADEL send the notification with the verification code, or you can ask ZITADEL for returning the code and send the email by yourself.
|
|
|
|
[Request Password Reset Documentation](/apis/resources/user_service/user-service-password-reset)
|
|
|
|
### ZITADEL sends the verification message
|
|
|
|
When you want ZITADEL to send the verification code you can define the notification channel.
|
|
Per default the verification code will be sent to the email address of the user.
|
|
|
|
Make sure to also include the URL Template to customize the reset link in the email sent to the user.
|
|
|
|
### Request
|
|
|
|
```bash
|
|
curl --request POST \
|
|
--url https://$ZITADEL_DOMAIN/v2beta/users/$USER_ID/password_reset \
|
|
--header 'Accept: application/json' \
|
|
--header 'Authorization: Bearer '"$TOKEN"'' \
|
|
--header 'Content-Type: application/json' \
|
|
--data '{
|
|
"sendLink": {
|
|
"notificationType": "NOTIFICATION_TYPE_Email",
|
|
"urlTemplate": "https://example.com/password/changey?userID={{.UserID}}&code={{.Code}}&orgID={{.OrgID}}"
|
|
}
|
|
}'
|
|
```
|
|
|
|
### ZITADEL returns the code
|
|
|
|
Send the request with asking for the return Code in the body of the request.
|
|
|
|
#### Request
|
|
```bash
|
|
curl --request POST \
|
|
--url https://$ZITADEL_DOMAIN/v2beta/users/$USER_ID/password_reset \
|
|
--header 'Accept: application/json' \
|
|
--header 'Authorization: Bearer '"$TOKEN"'' \
|
|
--header 'Content-Type: application/json' \
|
|
--data '{
|
|
"returnCode": {}
|
|
}'
|
|
```
|
|
|
|
#### Response
|
|
|
|
You will get the verification code in the response:
|
|
```bash
|
|
{
|
|
"details": {
|
|
"sequence": "625",
|
|
"changeDate": "2023-06-27T15:02:10.321773Z",
|
|
"resourceOwner": "163840776835432705"
|
|
},
|
|
"verificationCode": "IBJMUC"
|
|
}
|
|
```
|
|
|
|
## Send Verification Code
|
|
|
|
The verification code is generated and ZITADEL has sent it with the defined channel (email or sms) to your users.
|
|
If you have chosen to get the code back in the response, you should now send the code to your user.
|
|
|
|
## Change Password
|
|
|
|
The next screen should allow the user to enter the verification code and a new password.
|
|
From a user experience perspective it is nice to prefill the verification code, so the user doesn't have to do manually.
|
|
|
|
As soon as the user has typed the new password, you can send the change password request.
|
|
The change password request allows you to set a new password for the user.
|
|
|
|
[Change Password Documentation](/apis/resources/user_service/user-service-set-password)
|
|
|
|
:::note
|
|
This request can be used in the password reset flow as well as to let your user change the password manually.
|
|
In this case it requires additionally the current password instead of the verification code.
|
|
:::
|
|
|
|
|
|
### Request
|
|
|
|
```bash
|
|
curl --request POST \
|
|
--url https://$ZITADEL_DOMAIN/v2beta/users/$USER_ID/password \
|
|
--header 'Accept: application/json' \
|
|
--header 'Authorization: Bearer '"$TOKEN"'' \
|
|
--header 'Content-Type: application/json' \
|
|
--data '{
|
|
"newPassword": {
|
|
"password": "Secr3tP4ssw0rd!",
|
|
"changeRequired": false
|
|
},
|
|
"verificationCode": "48CDAP"
|
|
}'
|
|
``` |