Reset Password with Token

Hi Guys

I'm putting a proposal together to get our website to start using Tokens instead of clear text passwords in the Send Credentials email.  It all seems pretty straightforward to create a link in the email that will include the token.

Using this token I can login using the web API but I was wondering once you have logged in how you can update the current password.  If you don't know the password and you only have a token how do you update the current password?

The only methods I can see are UpdateLogin and UpdateLoginWithPromoCode and they require you to know the existing passwords.  So not sure how to do this.  Not sure if this is possible with the current SOAP API without creating a custom method.

How are you guys doing this?

Thanks

Nick

  • Well, you learn something new every day!  Didn’t know GetVariables returned the password, that is why I posted this in the first place!

     

    From: Tessitura Web Forum [mailto:forums-tessitura-web@tessituranetwork.com] On Behalf Of Mark James
    Sent: 30 May 2013 17:23
    To: Nick Insell
    Subject: Re: [Tessitura Web Forum] Reset Password with Token

     

    Hi Nick,

    My last post is a little misleading on reflection - I'm actually using the GetVariables method after the user has logged in with the token which returns an object which includes the user's password.

    I was actually quite surprised the password was returned in this way, but it seems to do the job for me!

    Mark

    From: Nick Insell <bounce-nicholasinsell2570@tessituranetwork.com>
    Sent: 5/30/2013 10:44:40 AM

    Hi Mark

    Which API method are you using to login to tessitura?  We couldn't get the password returned from SOAP API so we had to build a custom procedure for updating the password.  Maybe I was missing something so would be good to know.

    In the end I built a custom stored procedure that allows you to update the password based on the token that the customer uses to login.  So based on the token you can find the login and then update the login.  I can share the stored procedure with you if you would like?

    thanks

    Nick





  • But please don't rely on this as the password will not be stored in a session variable starting with v12.  The way to do this is to direct the token holder to a page where they can reset their password.  When you request the token you can have the temporary flag set on the login.  Then the constituent will be forced to change their password.

  • Hi Chuck,

    Thanks for this info, and apologies if I'm missing something obvious here, but can you explain to me how I enact this forced password change without using the original password?

    I've tried setting the login status to temporary and then passing an empty string as the sPwd argument in the UpdateLoginWithPromoCode method, but no luck.

    Thanks

  • Sorry, that's the part that I failed to mention.  In v12 UpdateLogin will change so that you will not need to supply the existing password to reset a temporary login.

  • Thanks Chuck.

    We're also looking at making these changes to our site but I'm a little confused about timing...

    Is this something that we can only begin to work on and test once we have v12 in a local environment? When will we see the updated v12 API methods?

    Adriana

    ---
    Adriana Law
    Web Analyst
    Sydney Opera House

  • Former Member, in reply to Adriana Law

    Hi A

    You can use the token-based forgot password stuff now (ACO website uses it).

    I think Chuck's just going to make it simpler to use in v12(-ish).

    K

  • Ken is right--you've been able to do token based password resets since version 8 and it has always been highly recommended that you switch to this method.  What has changed is this--when the customer goes to reset their password after receiving the token websites were calling UpdateLogin and passing in the old password which was stored in a session variable.  The password will no longer be stored there and UpdateLogin has been changed so that it will not require an existing password to reset a temporary login.  This is code that will change in v12.
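
Added example, not part of the thread and not Tessitura's API or code: a minimal Python model of the flow discussed above, where requesting a token flags the login temporary and the reset step needs only the token, never the old password. The `LoginStore` class, its method names and the one-hour token lifetime are assumptions for illustration; only salted hashes are kept, so there is no password for a session variable or API call to hand back.

```python
import hashlib, hmac, secrets, time

TOKEN_TTL = 3600  # assumed token lifetime in seconds

class LoginStore:
    """In-memory stand-in for a login table (hypothetical, not Tessitura's schema)."""

    def __init__(self):
        self.logins = {}  # login -> {"salt", "hash", "temporary"}
        self.tokens = {}  # sha256(token) -> (login, expiry); raw token never stored

    @staticmethod
    def _kdf(password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

    def set_password(self, login, password):
        salt = secrets.token_bytes(16)
        self.logins[login] = {"salt": salt, "hash": self._kdf(password, salt),
                              "temporary": False}

    def check_password(self, login, password):
        rec = self.logins.get(login)
        return rec is not None and hmac.compare_digest(
            rec["hash"], self._kdf(password, rec["salt"]))

    def request_token(self, login, now=None):
        """Issue the token that goes in the email link; flag the login temporary."""
        if login not in self.logins:
            return None
        now = time.time() if now is None else now
        token = secrets.token_urlsafe(32)
        digest = hashlib.sha256(token.encode()).hexdigest()
        self.tokens[digest] = (login, now + TOKEN_TTL)
        self.logins[login]["temporary"] = True
        return token

    def reset_with_token(self, token, new_password, now=None):
        """Set a new password from the token alone; the old password is not needed."""
        now = time.time() if now is None else now
        digest = hashlib.sha256(token.encode()).hexdigest()
        entry = self.tokens.pop(digest, None)  # single use: consumed on first try
        if entry is None:
            return False
        login, expiry = entry
        if now > expiry or not self.logins[login]["temporary"]:
            return False
        self.set_password(login, new_password)  # also clears the temporary flag
        return True
```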