Change the password

POST

/v1/iam/auth/change-password

const url = 'http://localhost:8080/v1/iam/auth/change-password';
const options = {
  method: 'POST',
  headers: {'Content-Type': 'application/json'},
  body: '{"currentPassword":"example","newPassword":"example"}'
};

try {
  const response = await fetch(url, options);
  const data = await response.json();
  console.log(data);
} catch (error) {
  console.error(error);
}

curl --request POST \
  --url http://localhost:8080/v1/iam/auth/change-password \
  --header 'Content-Type: application/json' \
  --data '{ "currentPassword": "example", "newPassword": "example" }'

Self-service password change. Le user fournit son currentPassword + un newPassword. Verif via bcrypt, hash new, met passwordChangedAt, révoque toutes les sessions actives SAUF la courante (kick d’éventuels attackers). Audit iam.user.password_changed. Pour reset oubli password, voir /iam/auth/forgot-password → /iam/auth/reset-password.

Request Body^required

application/json

object

currentPassword

required

string

>= 1 characters <= 1024 characters

newPassword

required

string

>= 8 characters <= 1024 characters

Example ^generated

{
  "currentPassword": "example",
  "newPassword": "example"
}

Responses

200

Password changed.

application/json

object

status

required

string

Allowed value: success

code

required

string

data

required

object

changed

required

boolean

changedAt

required

string format: date-time

revokedSessions

required

integer

cache

object

hit

required

boolean

key

string

ageSeconds

integer

expiresAt

string format: date-time

timing

object

totalMs

required

integer

dbMs

integer

externalMs

integer

deprecation

object

sunset

required

string format: date-time

successor

string

note

string

Example

{
  "status": "success",
  "data": {
    "changed": true
  }
}

400

Requête mal formée (validation_error, invalid_idempotency_key, invalid_sort_field, invalid_filter).

application/json

object

status

required

string

Allowed value: error

code

required

string

error

required

object

message

string

requestId

required

string

details

Array<object>

object

path

string

code

string

message

string

key

additional properties

Example

{
  "status": "error"
}

401

Authentification manquante ou invalide.

application/json

object

status

required

string

Allowed value: error

code

required

string

error

required

object

message

string

requestId

required

string

details

Array<object>

object

path

string

code

string

message

string

key

additional properties

Example

{
  "status": "error"
}

409

Conflit d’état (cannot_replay_<status>, idempotency_mismatch).

application/json

object

status

required

string

Allowed value: error

code

required

string

error

required

object

message

string

requestId

required

string

details

Array<object>

object

path

string

code

string

message

string

key

additional properties

Example

{
  "status": "error"
}

Change the password

Request Body required

Example generated

Responses

200

Example

400

Example

401

Example

409

Example

Request Body^required

Example ^generated