Change user password without send mail

Sergio_Carbonete · June 22, 2021, 5:50pm

App developed in Xamarin.Forms, Realm Sdk 10.2.0

i want change user password in my app, without send mail flow.

It’s possible?

only function i found to change pwd is
await RealmApp.EmailPasswordAuth.ResetPasswordAsync(newPwd, “token”, “tokenid”);

thanks in advance for any help

nirinchev · June 22, 2021, 6:07pm

You can also use CallResetPasswordFunctionAsync to call a reset password function that you’ve created on the backend. What is your use case? Do you want to allow an already authenticated user to change their password?

Sergio_Carbonete · June 22, 2021, 6:31pm

User created by app using RealmApp.EmailPasswordAuth.RegisterUserAsync(mail, password); Provider is configured with automatic confirmation.

I want permit user change password any time at device app UI. Not need to send any mail. I don’t want write any server function. I think that any core function that make a user change can be called by client sdk.

bsr

nirinchev · June 22, 2021, 6:43pm

I don’t think this is possible or at least it’s not exposed. @Sumedha_Mehta1 do you know if there’s a recommended way to achieve what Sergio wants? As far as I can tell, the biggest challenge is that the reset password function is called without authentication, so the user needs to present some sort of verification that they are who they say they are. We can probably pass the user’s access token as that’s exposed in the SDK, but I’m not sure if there’s an API to validate it on the server.

Sumedha_Mehta1 · June 24, 2021, 3:43am

Hey @Sergio_Carbonete - can you describe the end-user flow you’re trying to achieve here?

You can use the custom password reset here without having to use the email reset. The SDK APIs have two functions:

CallResetPasswordFunctionAsync(String, String, Object[])

ResetPasswordAsync(String, String, String)

To avoid using email reset, you can pass in custom parameters into the first function, e.g.

callResetPasswordFunction("myUsername", "newPassword", ["Security Question Answer 1"])

In this example, you could use the security question to validate some logic and then return “success” to immediately reset the password to the new password, or return “pending”. If you return “pending”, note that you will have to do something with the token and tokenID which get generated and are available in the context for the handler for CallResetPasswordFunctionAsync(String, String, Object[]) on the Realm backend. (e.g. you can send these tokens to the user in a text, custom email, etc). The password will only fully reset if you call the second function with the token and tokenID w/

ResetPasswordAsync(NewPassword, Token, TokenID)

system · June 29, 2021, 2:57pm

This topic was automatically closed 5 days after the last reply. New replies are no longer allowed.