Post by AMI_Mani on Apr 20, 2022 11:02:31 GMT
Hi,
As per specification we need to allow create session returning 201 and use that session only to change password.
When a client accesses the service by using credentials from a ManagerAccount resource that has a
PasswordChangeRequired value of true, the service shall allow:
• A session login and include a @message.ExtendedInfo object in the response containing the
PasswordChangeRequired message from the Base Message Registry. This indicates to the
client that their session is restricted to performing only the password change operation before
access is granted.
Based on above point, we can allow created session to change password alone and after changing password, old session needs to be invalidated(deleted) since session was created using default password.
Created session can only use to change password and it will become invalid after changing password
Please confirm about this scenario of deleting session after changing password and if any details available in specification, please point to that section
Thanks,
Mani
As per specification we need to allow create session returning 201 and use that session only to change password.
When a client accesses the service by using credentials from a ManagerAccount resource that has a
PasswordChangeRequired value of true, the service shall allow:
• A session login and include a @message.ExtendedInfo object in the response containing the
PasswordChangeRequired message from the Base Message Registry. This indicates to the
client that their session is restricted to performing only the password change operation before
access is granted.
Based on above point, we can allow created session to change password alone and after changing password, old session needs to be invalidated(deleted) since session was created using default password.
Created session can only use to change password and it will become invalid after changing password
Please confirm about this scenario of deleting session after changing password and if any details available in specification, please point to that section
Thanks,
Mani
