Reset password not working?


#21

Good questions indeed. I am not as well versed with all of this information and would like to refer to @rickkas7’s expertise on it. As he is available, he should be able to update you with more information.


#22

Hi Matthew,

I think I’m in the same boat as Joost. Can the answers to Joost’s questions above be posted here so other users like myself can benefit as well?

Thank you,
Ruben.


#23

Hi @rlysens,

Thanks for digging this up. Great idea on elaborating here for you and others.

A “Particle User”, in this case, is someone who would sign up at https://login.particle.io/login for instance. This is a fully fledged, first-class citizen in our ecosystem with the ability to get password reset emails, add devices, create webhooks, products, etc.

A “Simple Auth” (or “Customer”) user is going to be created through an SDK of sorts (such as the Android SDK). We only store incredibly basic information for these users and they do not have console access, etc. These users are “sub users” managed by a “Particle User” in this case.

We offer an endpoint to update “Simple Auth”/“Customer” users’ passwords–but how this is implemented (if at all) is up to the developer.

Password management around simple auth is all very basic endpoints to help you, the developer, associate your customers here at Particle. Actual password reset flows should rely on your own ecosystem for resetting passwords, sending reset emails, etc. That ecosystem should employ these Particle endpoints on the backend to help associate your user account with the associated simple auth account.
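
A sketch of the backend side of the flow described in the post above, added here as an example and not taken from Particle or from any poster's code: the developer's own server issues a single-use, expiring reset token, and only after redeeming it builds the `PUT /v1/products/:productIdOrSlug/customers/:customerEmail` request quoted later in this thread, so the product-level access token never leaves the server. The function names, the in-memory store, the 15-minute lifetime, the `password` form field and the bearer header are assumptions of this example.

```python
import hashlib
import hmac
import secrets
import time
from urllib.parse import quote

TOKEN_TTL = 15 * 60   # assumed lifetime of a reset link, in seconds
_pending = {}         # email -> (sha256(token), expiry); stand-in for a database table

def _digest(token):
    return hashlib.sha256(token.encode()).digest()

def issue_reset_token(email, now=None):
    """Create the token to e-mail to the customer; only its hash is stored."""
    now = time.time() if now is None else now
    token = secrets.token_urlsafe(32)
    _pending[email.lower()] = (_digest(token), now + TOKEN_TTL)
    return token

def redeem_reset_token(email, token, now=None):
    """True once for a valid, unexpired token. The entry is consumed on any attempt,
    so a wrong guess burns the token and the customer has to request a new one."""
    now = time.time() if now is None else now
    entry = _pending.pop(email.lower(), None)
    if entry is None:
        return False
    stored, expiry = entry
    return now <= expiry and hmac.compare_digest(stored, _digest(token))

def build_particle_update(product, email, new_password, server_token):
    """Describe the backend-only call to the customer update endpoint (nothing is sent)."""
    path = f"/v1/products/{quote(product, safe='')}/customers/{quote(email, safe='')}"
    return {
        "method": "PUT",
        "path": path,
        "headers": {"Authorization": f"Bearer {server_token}"},  # token stays server-side
        "form": {"password": new_password},                      # field name is assumed
    }

def handle_reset(product, email, token, new_password, server_token, now=None):
    """Entry point for the 'set new password' form; None means the reset was rejected."""
    if not redeem_reset_token(email, token, now):
        return None
    return build_particle_update(product, email.lower(), new_password, server_token)
```
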


#24

Thanks for the information Matthew.

So the Device Setup Library has an activity to create customers and an activity to reset their passwords but the endpoint behind password reset (/v1/user/password-reset or /v1/products/{productId}/customers/reset_password?) is not working. That is very unfortunate.

I guess I could modify the password reset activity and Cloud SDK so that customers can modify their own password using the update customer password endpoint, but that only works if I change the OAuth client scope to Full Control. However that creates a pretty big security hole. Again, very unfortunate after going through all the trouble of creating OAuth clients, Access Tokens etc.

The other option is that I provide a password reset flow through a web server of my own. But the whole point of choosing Simple Auth is that I shouldn’t have to do that. From the docs:
“Simple auth is ideal for getting a Particle product up-and-running quickly. Without needing to build your own back-end, development time to creating an app to work with a Particle device is greatly reduced.”

It would be much better if password-reset wise, customer accounts would be treated as Particle user accounts. Then the /v1/user/password-reset endpoint would work just fine.


#25

Hey @rlysens,

If you’re finding an API endpoint is not working as intended, please file an issue on our Particle API JS repository, stating the issues you are facing and means to reproduce. Feel free to provide the issue here once created so that I can get attention around it with our engineering teams.


#26

OK. Since it hasn’t been decided at which level this issue should be addressed, I reported it at the highest level where the issue is visible to me, i.e. the Android SDK Device Setup Library:


#27

The same is the issue with cloud api
"PUT /v1/products/:productIdOrSlug/customers/:customerEmail"
for updating password. Returns

{
    "ok": false,
    "code": 404,
    "error": "Customer not found"
}

Whereas this API "GET /v1/products/:productIdOrSlug/customers" returns all the customers.

Need to have a quick resolution as it’s our live product and we have had a couple of customers report this issue already.

P.S. I use the right productID/Slug in the API above along with the right access_token.