Versions Compared

Comment: Fixing minor spelling issues only, no meaningful content changes.

...

Currently the reason field in ErrorResponse is reserved for a human-readable error message. We should also introduce an additional field, errorCode, that carries an Enum value which clients can use to decide how they would like to handle the error, instead of parsing the free-text reason.
For example, when a password change is required:

Code Block
HTTP 401
{
    "reason": "You must first change your password!",
    "errorCode": "PASSWORD_CHANGE_REQUIRED"
}


  1. User logs in via the POST /login API with a username/password.
  2. Check that the user's password is not in our list of known, common passwords.
  3. If it is, still return HTTP 401 Unauthorized, and respond with an ErrorResponse object that contains an errorCode.
  4. Clients, upon seeing the errorCode, should redirect to the page for changing the password.
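The four steps above, as an added example that is not part of the original page or its code base. The user store, salt, common-password list and the INVALID_CREDENTIALS enum value are constructed for illustration; the page only names PASSWORD_CHANGE_REQUIRED. The server hashes the submitted password, checks it against the common list only after the credentials verify, and the client branches on errorCode rather than on the free-text reason.

```python
import hashlib
import hmac
import secrets

# Constructed sample data for this example (not from the page). Real code uses a
# per-user random salt and a large breached/common-password list.
_SALT = b"constructed-fixed-salt"


def _hash_password(password: str) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), _SALT, 100_000)


USERS = {"AzureDiamond": _hash_password("hunter2")}
COMMON_PASSWORDS = {"hunter2", "password", "123456", "qwerty"}


def error_response(status: int, reason: str, error_code: str):
    """ErrorResponse as proposed: reason is free text, errorCode is the enum clients branch on."""
    return status, {"reason": reason, "errorCode": error_code}


def login(username: str, password: str):
    """POST /login handler. Returns (http_status, json_body)."""
    stored = USERS.get(username)
    # Hash even for unknown users so timing does not reveal whether the username exists.
    candidate = _hash_password(password)
    if stored is None or not hmac.compare_digest(candidate, stored):
        # INVALID_CREDENTIALS is an assumed enum value; the page only names PASSWORD_CHANGE_REQUIRED.
        return error_response(401, "Invalid username or password.", "INVALID_CREDENTIALS")
    # Steps 2-3: credentials are valid, but the password is on the known-common list,
    # so the login still fails with 401 and a machine-readable errorCode.
    if password in COMMON_PASSWORDS:
        return error_response(401, "You must first change your password!", "PASSWORD_CHANGE_REQUIRED")
    return 200, {"sessionToken": secrets.token_urlsafe(32)}


def client_next_action(status: int, body: dict) -> str:
    """Step 4: the client dispatches on errorCode, never on the human-readable reason."""
    if status == 200:
        return "proceed"
    code = body.get("errorCode")
    if code == "PASSWORD_CHANGE_REQUIRED":
        return "redirect:/change-password"
    if code == "INVALID_CREDENTIALS":
        return "show-login-error"
    # Unknown or missing enum value (e.g. a newer server): fail closed with a generic error.
    return "show-generic-error"
```

Because PASSWORD_CHANGE_REQUIRED is only returned after the credentials verify, that response confirms the password was correct; the flow as written accepts that, since the next step is the change-password page, but it is worth stating explicitly in the design.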

...

Currently, our POST /user/password takes

Code Block
{
    "sessionToken": "<user session token>",
    "password": "myNewPassword"
}

...

EmailResetChangePassword, for changing passwords via email. This would use a signed token to authorize the password change: the server signs the username and expiry with its own key, so the client cannot alter either without invalidating the signature.

Code Block
{
    "authorization": {
        "username": "AzureDiamond",
        "expiresOn": 12345678,
        "signature": "<HMAC signature>"
    },
    "newPassword": "hunter3"
}
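The signed authorization object above, minted and verified, as an added example that is not the project's own code. The server key, the HMAC-SHA256 choice, the canonical JSON signing input, the 15-minute default TTL and the error enum names (MALFORMED_AUTHORIZATION, INVALID_SIGNATURE, AUTHORIZATION_EXPIRED, INVALID_REQUEST) are all assumptions; the page specifies only the field names and that the signature is an HMAC.

```python
import hashlib
import hmac
import json
import time
from typing import Optional

# Constructed server-side secret for this example; in production it comes from a
# secrets manager and is never sent to the client.
SERVER_KEY = b"constructed-server-secret-key"


def _signing_input(username: str, expires_on: int) -> bytes:
    # Canonical encoding so username/expiresOn cannot be re-split or reordered
    # without changing the bytes that were signed.
    return json.dumps(
        {"username": username, "expiresOn": expires_on},
        sort_keys=True, separators=(",", ":"),
    ).encode("utf-8")


def _signature(username: str, expires_on: int) -> str:
    return hmac.new(SERVER_KEY, _signing_input(username, expires_on), hashlib.sha256).hexdigest()


def mint_authorization(username: str, ttl_seconds: int = 900, now: Optional[int] = None) -> dict:
    """Server side: build the `authorization` object embedded in the emailed reset link."""
    now = int(time.time()) if now is None else now
    expires_on = now + ttl_seconds
    return {"username": username, "expiresOn": expires_on,
            "signature": _signature(username, expires_on)}


def verify_authorization(auth, now: Optional[int] = None):
    """Return (ok, error_code). The error code names are assumed, not from the page."""
    try:
        username = auth["username"]
        expires_on = int(auth["expiresOn"])
        signature = auth["signature"]
    except (KeyError, TypeError, ValueError):
        return False, "MALFORMED_AUTHORIZATION"
    if not isinstance(username, str) or not isinstance(signature, str):
        return False, "MALFORMED_AUTHORIZATION"
    # Signature first, in constant time: a plain == would leak how many leading bytes matched.
    if not hmac.compare_digest(_signature(username, expires_on), signature):
        return False, "INVALID_SIGNATURE"
    now = int(time.time()) if now is None else now
    if now >= expires_on:
        return False, "AUTHORIZATION_EXPIRED"
    return True, None


def change_password_via_email(request: dict, now: Optional[int] = None):
    """EmailResetChangePassword handler. Returns (http_status, json_body)."""
    ok, code = verify_authorization(request.get("authorization"), now)
    if not ok:
        return 401, {"reason": "Password reset link is invalid or expired.", "errorCode": code}
    new_password = request.get("newPassword")
    if not isinstance(new_password, str) or not new_password:
        return 400, {"reason": "newPassword is required.", "errorCode": "INVALID_REQUEST"}
    # Real code would store a new hash for the signed username here.
    return 200, {"username": request["authorization"]["username"]}
```

As specified, the token stays valid for any number of password changes until expiresOn; if a single-use link is wanted, the signed input would also need a server-recorded nonce (or something that changes with the password, such as the current password hash), which the page does not currently define.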

...