Quick reminder of the context in which this would occur:
- Users of your Teach on Mars application are authenticated through a custom authentication service that you maintain
- So the critical information for authentication (passwords and logins or emails) is stored in a distant service. Therefore the Teach on Mars platform cannot manage anything related to passwords.
A word about password recovery
The situation is commonly known. You need to fill in your login and password, but you cannot recall them. The only thing you know is that you are the right person.
The password recovery process will depend on which information the system has gathered about the users, but it should work this way:
- Ensure the requester's identity: for instance, by asking for the user's email address,
  or by using a secret question that was already stored,
  or by some other method of authentication such as face or fingerprint recognition
- Provide a way for the now-identified user to choose a new password,
  or generate a new password randomly and communicate it to the user
This is all very generic, but it is purposely so, and you will see why next.
Implement your own password recovery process
Teach on Mars provides a way to open a web page when the user clicks on the link "Forgotten password?". This way, the distant service can display an interface through which the user can input the necessary information for the process to begin.
At the end of the process, it is also possible to have the user authenticated in the application by asking for an authentication token, just like at the end of the registration form process.
The Teach on Mars team will only require the URL of the password recovery service.
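One way the service behind that recovery URL could implement the two steps above, as an added example that is not Teach on Mars code. It assumes identity is established by delivering a single-use, expiring link to the stored email address; the in-memory stores, function names and 15-minute lifetime are hypothetical.

```python
import hashlib
import hmac
import secrets
import time

TOKEN_TTL = 15 * 60   # assumption: a recovery link stays valid for 15 minutes
USERS = {"alice@example.com": None}   # constructed account store: email -> (salt, hash)
RESET_TOKENS = {}     # sha256(token) -> (email, expiry); the raw token is never stored
OUTBOX = []           # stand-in for the mail system: (email, token) pairs

def digest(token):
    return hashlib.sha256(token.encode()).hexdigest()

def hash_password(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 600_000)

def request_reset(email, now=None):
    """Step 1: only someone who can read the stored mailbox receives the token."""
    now = time.time() if now is None else now
    if email in USERS:
        token = secrets.token_urlsafe(32)   # unguessable, from the OS CSPRNG
        RESET_TOKENS[digest(token)] = (email, now + TOKEN_TTL)
        OUTBOX.append((email, token))
    # Same reply for known and unknown addresses, so the form does not
    # reveal which emails have an account.
    return "If this address is registered, a recovery link has been sent."

def complete_reset(token, new_password, now=None):
    """Step 2: the identified user chooses a new password; the token works once."""
    now = time.time() if now is None else now
    entry = RESET_TOKENS.pop(digest(token), None)   # pop: consumed on first use
    if entry is None or now > entry[1]:
        return False
    salt = secrets.token_bytes(16)
    USERS[entry[0]] = (salt, hash_password(new_password, salt))
    return True

def verify_password(email, password):
    record = USERS.get(email)
    if record is None:
        return False
    salt, stored = record
    return hmac.compare_digest(stored, hash_password(password, salt))
```

Storing only the token's hash means a leak of the token table cannot be replayed as valid recovery links.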