I am trying to use crowd's built-in forgot password functionality over my app with spring security.But for this issue I guess I need have my own implementations. I also come accross this discussion which says I can avoid all complexities with dynamic auto-expiring links emails+database stuffs using authentication-flows. Has anyone done it before? What would be the best path forward? Can you share your experience about these?
Guide to implementing password recovery with dynamic URL sent to email over atlassian crowd with spring security
165 Views Asked by MD. Mohiuddin Ahmed At
1
There are 1 best solutions below
Related Questions in SPRING-SECURITY
- How do I propagate the current SecurityContext to my @RabbitListener in Spring Boot?
- Spring security causing 404 with message "No static resource login"
- Spring JPA Data Auditing - How to design it?
- Spring 3 - Security: How to rebuild authManager () usage?
- Error: Cannot invoke "jakarta.servlet.http.HttpSession.getAttribute(String)" because "session" is null
- how to use ldap authentication with permission taken from db without needing password in UserDetails
- This error occurred when using springsecurity for database user verification: IllegalArgumentException
- Issue with configuring SpringSecurity to allow URLs in FilterChain
- getting React Hook "useSetupInterceptors" cannot be called at the top level when try to use useSignOut hook
- Spring Authorization Server `JdbcOAuth2AuthorizationService` does not save custom User object
- Customize Authorization Code claims with Spring OAuth2 Authorization Server 3.2.4
- Spring Security Reactive OAuth2 Client: Options for Customizing Refresh Endpoint
- Repository injection in an handler spring boot class performance
- Spring Security mix form based and http basic authentication
- SecurityContextHolder.getContext().getAuthentication() is null
Related Questions in SINGLE-SIGN-ON
- Generate Databricks personal access token using REST API
- Allow external users to login using custom SAML app in Google Admin
- Handling errors in MSAL Redirect - reactjs login with microsoft sso
- How would single sign-on work for my multi-tenant application?
- How can we make an environment specific Token-based authorization using Ping Token?
- Is it possible to integrate Looker Studio with websites without keeping it public, to preserve data?
- OKTA SSO Driven API Invocation
- Is there any way to login SSO using RestAssured or using any API calls?
- Is it possible to interact with SSO between Website A and Website B?
- SSO to Grafana embeded in iframe
- Secure React App and .net 6 apis with Keycloack
- Integrating one tap sign in with phone from phone email - Converting html and javascript code to React JS
- I need SSO and Maven to work together in a Tomcat 9 Eclipse project, I have check the usual suspects but I think I missed something
- Firebase Authentication SAML resource metadata file
- How to add ForceAuthn flag on AWS cognito
Related Questions in PASSWORD-RECOVERY
- I forgot the password to open a Word document. How can I retrieve the password?
- Parse: Dashboard: Reset Login Password
- Django Rest Framework + Django-Allauth Password Reset/Recovery
- Laravel 4 password reminder: redirection issue
- Recovering admin ID and password for local installation of MySQL
- How do I know sqlIte version and password of a db file?
- Password in postgres 8.3 not working
- Devise update password
- How can I use WIF with a password self reset portal?
- Rails Devise Password Reset Email allowing multiple submissions
- Blazor Wasm with AAD B2C: SignUpSignIn userflow - reset password, how to catch AADB2C90118
- Forgotten password in webapp
- Password Reset Link Expiry
- How can i change or update password in asp.net membership via sql server
- Statement invalid when attempting to implement password_reset Railscast
Related Questions in ATLASSIAN-CROWD
- Graylog2 + Crowd LDAP
- Trying to add dependency to Atlassian pom.xml using IntelliJ
- Automatic issue assignment not working properly
- How do I add multiple groups to a user with the Atlassian Crowd REST API?
- Django. Authentication backends
- django removes "is_staff" permission if I try to login
- Making an OpenID Provider with SSL
- CakePHP 2.x and Atlassian Crowd
- Jenkins + Crowd2 plugin: execute API from 3rd party application
- Is it possible to authenticate Atlassian Crowd users using a CAS server?
- Can I use Atlassian Crowd to authenticate gerrit instead of ldap?
- Crowd installation error
- Parse XML to get a list or dictionary of data values from crowd API
- OpenID endpoint file includes wrong url without https
- Keycloak integration with Atlassian Crowd
Related Questions in AUTHENTICATION-FLOWS
- How can I get custom authentication flow data via REST API in keycloak?
- How to set AuthenticationFlow and ResponseMode in .Net 6
- Authentication flows | React Navigation 6 - How to get webToken?
- Authentication-Flows: java.lang.StringIndexOutOfBoundsException: String index out of range: -1
- authentication-flows email URL's do not work after web server reset
- In maven how to add a local maven project as a dependency with source code
- How to build the war files for oAuth2-sample project?
- How to solve "Could not find artifact com.ohadr:authentication-flows"?
- Issues in setting up Authentication Flows project
- Could not resolve placeholder 'com.ohadr.auth-flows.endpoints.accountActivatedEndpointUrl' in string value ""
- Guide to implementing password recovery with dynamic URL sent to email over atlassian crowd with spring security
Trending Questions
- UIImageView Frame Doesn't Reflect Constraints
- Is it possible to use adb commands to click on a view by finding its ID?
- How to create a new web character symbol recognizable by html/javascript?
- Why isn't my CSS3 animation smooth in Google Chrome (but very smooth on other browsers)?
- Heap Gives Page Fault
- Connect ffmpeg to Visual Studio 2008
- Both Object- and ValueAnimator jumps when Duration is set above API LvL 24
- How to avoid default initialization of objects in std::vector?
- second argument of the command line arguments in a format other than char** argv or char* argv[]
- How to improve efficiency of algorithm which generates next lexicographic permutation?
- Navigating to the another actvity app getting crash in android
- How to read the particular message format in android and store in sqlite database?
- Resetting inventory status after order is cancelled
- Efficiently compute powers of X in SSE/AVX
- Insert into an external database using ajax and php : POST 500 (Internal Server Error)
Popular Questions
- How do I undo the most recent local commits in Git?
- How can I remove a specific item from an array in JavaScript?
- How do I delete a Git branch locally and remotely?
- Find all files containing a specific text (string) on Linux?
- How do I revert a Git repository to a previous commit?
- How do I create an HTML button that acts like a link?
- How do I check out a remote Git branch?
- How do I force "git pull" to overwrite local files?
- How do I list all files of a directory?
- How to check whether a string contains a substring in JavaScript?
- How do I redirect to another webpage?
- How can I iterate over rows in a Pandas DataFrame?
- How do I convert a String to an int in Java?
- Does Python have a string 'contains' substring method?
- How do I check if a string contains a specific word?
The authentication-flows module can integrate with different types of DBs. Currently, I have implemented connections to SQL server as well as GAE (gae-datastore).
AFAI understand, you need your own implementation, one that can invoke (REST) calls to Atlassian DB. So there is a need to research what is the API of Atlassian, and what are their capabilities of 'create account', 'forgot password', 'change password' and so on, and of course what is their implementation (do they send emails to users etc).
Note that the authentication-flows delegates the call to the relevant implementation, for example create-account, and it expects the implementation nothing but creating the entry in the DB. So if Atlassian implementation involves with sending e-mails to users upon account-creation, the user will get 2 email: one from Atlassian and the 2nd from auth-flows, and it will be problematic.
EDIT:
After reading CROWD's REST APIs and Resources, is looks doable!