Stop using the simple authentication method for Particle products?

Hi folks,

I’d like to provide some insight on the path forward, how it should be done:

Previous process:

  1. Customer loses access, clicks “forgot password” on your mobile/frontend app
  2. App hits unauthenticated POST /v1/products/:id/customers/reset_password
  3. This triggers an email to the customer (if SMTP settings were configured) that contains a link to reset his password (behind the scenes a short-lived reset password token is created)
  4. Email links to Particle’s SSO app that shows the “set new password”, verifies the said token, customer types in new password and frontend hits POST /v1/password with token and new password (behind the scenes).
  5. Customer password is reset.

New process:

  1. Customer loses access, clicks “forgot password” on your mobile/frontend app
  2. App hits an endpoint on your backend [the backend app should “know”: (a) Your Particle access_token - the one you used to create that product, (b) Optionally, list of valid customer emails]
  3. This triggers an email to the customer sent from your backend. Btw, email can now have your brand logo/colors etc. Email contains link to reset his password (behind the scenes a short-lived reset password token is created and stored in your backend db)
  4. Email links to your hosted brand-themed webpage that shows the “set new password”, verifies the said token, customer types in new password and frontend hits an endpoint on your backend with the new password.
  5. Backend hits Particle’s API existing authenticated PUT /v1/products/:id/customers/:customerEmail {password: <new_password>, access_token: <your_token>}.
  6. Customer password is reset.

Thanks to this thread - we’re hard at work creating a full working example for the new process, can’t say when it’ll be available but I can say it will be a relatively simple backend/frontend app, hosted on a free hosting service. I won’t suggest waiting for that and would encourage you to start implementing this solution on your side.

I know Jeff’s email specified that the deprecation will occur on an earlier date but I can confirm it will happen, in practice, through the end of September.

Let me know if you have questions.

Cheers

2 Likes
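The backend half of the new process (steps 3 to 5 above), as an added example that is not part of the original post and is not Particle's code. The function names, the in-memory dict standing in for the backend db, the 15-minute token lifetime, the https://api.particle.io host and the form-encoded body are assumptions; only the PUT path and the password/access_token fields come from the post.

```python
import hashlib
import secrets
import time
import urllib.parse
import urllib.request

API_BASE = "https://api.particle.io"   # assumption: Particle cloud API host
TOKEN_TTL = 15 * 60                    # assumption: "short-lived" = 15 minutes
RESET_TOKENS = {}                      # stand-in for the backend db: digest -> (email, expiry)


def digest(token):
    # Only a hash of the token is stored, so a leaked table cannot be replayed.
    return hashlib.sha256(token.encode()).hexdigest()


def issue_reset_token(email, known_emails, now=None):
    """Step 3: returns the token to embed in the emailed link, or None."""
    now = time.time() if now is None else now
    if email not in known_emails:
        # The HTTP handler should answer identically either way, so the
        # endpoint does not reveal which emails are customers.
        return None
    token = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
    RESET_TOKENS[digest(token)] = (email, now + TOKEN_TTL)
    return token


def redeem_reset_token(token, now=None):
    """Step 4: returns the customer email for a valid token, else None."""
    now = time.time() if now is None else now
    record = RESET_TOKENS.pop(digest(token), None)  # pop makes it single-use
    if record is None:
        return None
    email, expires = record
    return email if now <= expires else None


def build_particle_request(product_id, email, new_password, access_token):
    """Step 5: PUT /v1/products/:id/customers/:customerEmail (not sent here)."""
    path = "/v1/products/%s/customers/%s" % (
        urllib.parse.quote(str(product_id), safe=""),
        urllib.parse.quote(email, safe=""))
    body = urllib.parse.urlencode(     # assumption: form-encoded body
        {"password": new_password, "access_token": access_token}).encode()
    return urllib.request.Request(API_BASE + path, data=body, method="PUT")
```

The request object is sent from the backend only (for example with urllib.request.urlopen), so the product access_token never reaches the mobile or frontend app.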