The authentication action of type reset-password shows a prompt where users are asked to update their password.
The Action decides on whether to show this prompt by accessing the Attributes and looking for the value of the attribute with the configured name.
By default that attribute is searched in the subject attributes, it is possible to change this source location by using the attribute-source setting.
The alternative locations are the context attributes and the action attributes.
Fig. 113 The reset password prompt
The following configuration options are available:
Normally, this action would run at the login flow of an authenticator like html-form. It only shows the prompt when an attribute with
the configured name (attribute) is found in the Subject Attribute and its value is true. Then the user would either
update the password or skip, if that is allowed by the configuration.
The action doesn’t update any of the account attributes, so together with this action you probably want to create an event listener that acts on the event PasswordUpdatedCredentialManagerEvent. There you can choose to update your account store so that the next time the user logs in, you don’t ask for another password reset
Possible Validation Errors (prefixed as message keys with authentication-action.reset-password):
Internal errors at runtime might occur, if