OAuth Authentication Forgot Password Workflow Diagram Text Description

  1. In a federation where OAuth Forgot Password has been enabled, a user who is logging in on any instance in the federation is redirected to the Universal Login page on the OAuth server, where they click the Forgot Password button.

  2. The OAuth server displays the Forgot Password page.

  3. The user enters a domain and username on the Forgot Password page.

  4. If password reset is not enabled in the security domain, the OAuth server displays an error message that says, “Contact system administrator to reset password.”

  5. If password reset is enabled for the domain, the Registry invokes the SendResetPasswordEmail callback in the security domain callback class. The security domain callback class is a custom class that extends HS.Registry.Person.User.HSAuth for your domain. The SendResetPasswordEmail callback specifies the password reset link URL and email server information.

  6. The Registry sends a custom email that includes the password reset link to the EmailID on file for the LoginID in the security domain.

  7. The OAuth server displays the Thank You page, which indicates that a password reset link has been sent.

    Note:

    For security reasons, the OAuth server displays the Thank You page whether or not the email delivery is successful. Email delivery failures are reported in the audit log.

  8. When the user clicks on the password reset link in the email, the OAuth server displays the Reset Password page.

  9. The user enters a new password on the Reset Password page.

  10. The Registry invokes the OnValidatePW callback in the security domain callback class:

    • In an internal security domain, the HealthShare user/clinician registry validates the password.

    • In an external security domain, the OnValidatePW callback designates an external source such as an LDAP server to validate the password.

  11. If the password fails validation, the OAuth server displays the error message from the OnValidatePW callback, and the user is returned to the Reset Password page to try again.

  12. Once the password passes validation, the user can submit the new password from the Reset Password page on the OAuth server.

  13. Now that a valid password has been submitted, the Registry invokes the OnResetPW callback in the security domain callback class:

    • In an internal security domain, the HealthShare user/clinician registry resets the password.

    • In an external security domain, the OnResetPW callback designates an external source such as an LDAP server to reset the password.

  14. The user is redirected to the Success page on the OAuth server.
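The following is an added illustration of steps 3 to 14, not HealthShare code: a constructed Python model of the workflow in which the three callbacks are pluggable per security domain. It shows the property the note above calls out, that the Thank You page is returned whether or not the email was delivered (and, as an assumption, also for an unknown LoginID), with the failure recorded in an audit log; the callback signatures, reset link and single-use token handling are assumptions.

```python
import hashlib, secrets
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Optional, Tuple
# Constructed model of the workflow above; callback names mirror the page but their
# signatures are assumptions, not the HS.Registry.Person.User.HSAuth API.

@dataclass
class SecurityDomain:
    reset_enabled: bool
    email_by_login: Dict[str, str]                       # LoginID -> EmailID
    on_validate_pw: Callable[[str, str], Optional[str]]  # error text, or None if valid
    on_reset_pw: Callable[[str, str], None]

@dataclass
class ForgotPasswordFlow:
    domains: Dict[str, SecurityDomain]
    send_reset_password_email: Callable[[str, str], None]  # (email, link); raises on failure
    audit_log: List[str] = field(default_factory=list)
    pending: Dict[str, Tuple[str, str]] = field(default_factory=dict)  # sha256(token) -> (domain, login)

    def request_reset(self, domain: str, login: str) -> str:
        """Steps 3-7: return the page (or error) the OAuth server displays."""
        d = self.domains.get(domain)
        if d is None or not d.reset_enabled:
            return "Contact system administrator to reset password."
        email = d.email_by_login.get(login)
        if email is None:   # assumption: unknown LoginIDs get the same page, so
            self.audit_log.append(f"reset requested for unknown login {domain}/{login}")
            return "Thank You"   # the response does not reveal which accounts exist
        token = secrets.token_urlsafe(32)   # only its hash is stored server-side
        self.pending[hashlib.sha256(token.encode()).hexdigest()] = (domain, login)
        try:   # assumed link format; the real URL comes from SendResetPasswordEmail
            self.send_reset_password_email(email, "https://oauth.example.test/reset?token=" + token)
        except Exception as exc:   # delivery failure is audited, never shown to the user
            self.audit_log.append(f"email delivery failed for {domain}/{login}: {exc}")
        return "Thank You"

    def submit_new_password(self, token: str, new_password: str) -> str:
        """Steps 9-14: OnValidatePW first, OnResetPW only on success."""
        key = hashlib.sha256(token.encode()).hexdigest()
        if key not in self.pending:
            return "Reset Password"   # assumption: unknown or spent link returns to the form
        domain, login = self.pending[key]
        d = self.domains[domain]
        error = d.on_validate_pw(login, new_password)
        if error:
            return error   # step 11: user is returned to the Reset Password page
        del self.pending[key]   # assumption: a link is single-use
        d.on_reset_pw(login, new_password)
        return "Success"
```

Calling `request_reset` with a sender that raises still returns "Thank You", and the failure appears only in `audit_log`.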