Enhancement Request - User Password Reset Process Is Not Ideal
(Doc ID 2222013.1)
Last updated on MARCH 19, 2024
Applies to:
Oracle Commerce Cloud Service - Version N/A and later
Information in this document applies to any platform.
Goal
To comply with security best practices and to offer a better user experience, the following enhancement to the customer password reset process is requested:
1) User requests a password reset by submitting their username (email) to the application.
2) A password reset token is created and saved to the database. The token is set to expire after 72 hours.
3) An email is dispatched with a link that has the token embedded.
4) Token is evaluated.
a. If the token is valid: the user is prompted for a new password, with a field to confirm the password.
b. If the passwords match and meet the password requirements: set the user's password and delete the token from the database.
c. If the passwords don't match or do not meet the password requirements: prompt the user to re-enter the password, with an error message giving details about why the password wasn't valid.
d. If the token is not valid: the user is presented with an error message and given the option to provide a username to start the password reset again (step 1).
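The requested flow (steps 1 to 4d) as an added Python sketch; this is not Oracle Commerce Cloud code. The function names, the in-memory dictionaries standing in for the database, the placeholder link, the password policy (10 characters, one digit) and the choice to store only a hash of the token are all assumptions made for the example.

```python
import hashlib, re, secrets, time

TOKEN_TTL = 72 * 3600   # step 2: token expires after 72 hours
tokens = {}             # sha256(token) -> (username, expiry); stands in for the database
credentials = {}        # username -> (salt, PBKDF2 hash)

def _digest(token):
    # Assumption: only a hash of the token is stored, so a database leak yields no usable links.
    return hashlib.sha256(token.encode()).hexdigest()

def request_reset(username, now=None):
    """Steps 1-3: create and save a token, return the link to e-mail."""
    now = time.time() if now is None else now
    token = secrets.token_urlsafe(32)
    tokens[_digest(token)] = (username, now + TOKEN_TTL)
    return "https://shop.example/reset?token=" + token  # placeholder URL

def token_user(token, now=None):
    """Step 4: username for a valid token, or None (unknown, used or expired)."""
    now = time.time() if now is None else now
    username, expiry = tokens.get(_digest(token), (None, 0))
    if username is None or now >= expiry:
        tokens.pop(_digest(token), None)  # purge expired entries
        return None
    return username

def password_problems(password, confirm):
    """Steps 4b/4c: reasons for rejection; an empty list means accepted."""
    problems = []
    if password != confirm:
        problems.append("Passwords do not match.")
    if len(password) < 10:  # assumed policy
        problems.append("Password must be at least 10 characters.")
    if not re.search(r"\d", password):  # assumed policy
        problems.append("Password must contain a digit.")
    return problems

def complete_reset(token, password, confirm, now=None):
    """Step 4 as a whole: returns (status, messages)."""
    username = token_user(token, now)
    if username is None:  # 4d: offer to start again from step 1
        return "invalid_token", ["Reset link is invalid or expired. Request a new one."]
    problems = password_problems(password, confirm)
    if problems:  # 4c: token is kept so the user can retry
        return "retry", problems
    salt = secrets.token_bytes(16)
    credentials[username] = (salt, hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 600_000))
    del tokens[_digest(token)]  # 4b: token is deleted, so the link works once
    return "ok", []
```
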
Solution
To view full details, sign in with your My Oracle Support account.