stackoom
  简体   繁体   中英

IdentityServer4 and Update password using API

 原文  2020-02-03 10:59:01       c#/ api/ oauth-2.0/ identityserver4/ openid-connect

Question

I have an API project and a separate project running IdentityServer4. A 3rd party app logins to IdentityServer4 and receives Access Token. Using the token 3rd party app makes calls to API project. Now 3rd party app wants an API resource (api/users/change_password) to have the ability to change password of a user by providing username, current password and new password. How can I update/change user's password from API project?

1 answers

solution1
 3 ACCPTED  2020-02-03 11:45:39

I would say that something is wrong with the requirement. To get an access token you redirect user to IDP UI . But to change a password you don't want to do it. Why? Setting password through API isn't secure. It means that 3rd party application can change user password by its own wish. It's very risky.

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Using IdentityServer4 with DataProtection API for token signing IdentityServer4 using ApiKey or Basic authentication directly to API Browserless API protection with IdentityServer4 IdentityServer4 - user permissions on the API IdentityServer4 + API on same host Identityserver4 and API in single project IdentityServer4 - Using External Authentication IdentityServer4 Add Password returns false IdentityServer4 api forward token to another api IdentityServer4 API unauthorized to call introspection endpoint
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM