Advanced forgot password form #1054

Open
@mooreds

Advanced forgot password form

Problem

Sometimes you want the user to provide more information to give more security before sending a password reset. This may be especially true if your application is sensitive (financial institution, regulated industry, etc).

Solution

Basically, the same way we let FusionAuth admins build a registration form or an edit form (with advanced registration forms), we'd also let them build a forgot password form. The same concept of steps or stages would apply. Then, you'd associate it with a tenant.

When an end user clicked forgot password, they'd have to provide additional information as configured.

Example use cases:

An insurance company wants additional security on forgot password. They build a forgot password form which requires not only email address, but also the zip code of the home and the insurance policy number. The email address and the zip code of the home are on the first step, and the insurance policy number is on the second.

Each user in the system has the home zip code and insurance policy number attached to their user.data.

Scenario 1: A user comes to reset their password. They provide a valid email address but a zip code that doesn't match the record of the user. They are shown an error screen.

Scenario 2: A user comes to reset their password. They provide a valid email address and a zip code that matches the record of the user. They are directed to a second screen, where they enter an incorrect policy number. They are shown an error screen.

Scenario 3: A user comes to reset their password. They provide a valid email address and a zip code that matches the record of the user. They are directed to a second screen, where they enter the correct policy number. They then receive the typical forgot password magic link to the email address, and enter the normal password reset flow.

Alternatives/workarounds

You could build this all yourself on top of the FusionAuth APIs.

How to vote

Please give us a thumbs up or thumbs down as a reaction to help us prioritize this feature. Feel free to comment if you have a particular need or comment on how this feature should work.
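
An added example (not code from the issue or from FusionAuth) of the staged check in the three scenarios above, as the build-it-yourself workaround might implement it in front of the normal reset email. `lookup_user`, `send_reset_email`, the `homeZip` and `policyNumber` keys in user.data, the single-use step token, the identical error for every failure and the attempt limit are assumptions of this example.

```python
import hmac
import secrets

MAX_ATTEMPTS = 5  # assumed lockout threshold, not taken from the issue
# Constructed sample record standing in for a user and its user.data.
USERS = {"pat@example.com": {"data": {"homeZip": "80202", "policyNumber": "POL-12345"}}}
# Steps from the issue's use case: zip code on step 1, policy number on step 2.
STEPS = [("homeZip",), ("policyNumber",)]


def _matches(expected, supplied):
    # Constant-time comparison; a missing value never matches.
    if expected is None or supplied is None:
        return False
    return hmac.compare_digest(str(expected).encode(), str(supplied).strip().encode())


class ForgotPasswordFlow:
    def __init__(self, lookup_user, send_reset_email):
        self.lookup_user = lookup_user            # hypothetical: email -> user dict or None
        self.send_reset_email = send_reset_email  # hypothetical: starts the normal reset email
        self.sessions = {}  # step token -> {"email", "step"}
        self.failures = {}  # email -> failed attempts so far

    def start(self, email, answers):
        return self._check(email.strip().lower(), 0, answers)

    def next_step(self, token, answers):
        session = self.sessions.pop(token, None)  # single use: a wrong answer ends the flow
        if session is None:
            return {"status": "error"}
        return self._check(session["email"], session["step"], answers)

    def _check(self, email, step, answers):
        user = self.lookup_user(email)
        data = (user or {}).get("data", {})
        ok = user is not None and self.failures.get(email, 0) < MAX_ATTEMPTS
        for field in STEPS[step]:
            ok = _matches(data.get(field), answers.get(field)) and ok
        if not ok:  # same result for unknown email, wrong answer, or lockout
            self.failures[email] = self.failures.get(email, 0) + 1
            return {"status": "error"}
        if step + 1 < len(STEPS):
            token = secrets.token_urlsafe(32)
            self.sessions[token] = {"email": email, "step": step + 1}
            return {"status": "next", "token": token}
        self.failures.pop(email, None)
        self.send_reset_email(email)
        return {"status": "sent"}
```

Returning the same error for an unknown email and a wrong zip code keeps the first step from confirming which addresses have accounts, and the attempt limit matters because zip codes and policy numbers are low-entropy values.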

Labels: feature, paid-feature (Targeted for the paid editions of FusionAuth)
