I tried signin button on the "My Account" page. I enter a email, and it told me to create a password to use with Persona.
It supposed to send me a email with couchdb api link if I registered account successfully. But it hasn't.
So, how can I get an account on iriscouch? Is there any services can do the same thing of iriscouch?
Can anyone help me? I'm in emergency.
Related
Has anyone used OneLogin API to Create Custom Email settings with Office365?
We are trying to change the FROM Email Address used on Forgot Password request and unable to get it working with Office365.
Appreciate any help you can provide
Thanks!
Matt
OneLogin doesn't yet support Custom Email Providers. Although you can change the contents of Email.
I had same issue with OneLogin. I decided to send Email to users from SendGrid with OneLogin Forget Password link in it.
When i try to connect google actions through google assistant i need to get user email id from google account to perform some Operations. For this i try to pops up message to get end user permission to get user email id from google account. The below message pops up when user try to access my actions.
“I’ll just need to get your email from Google account. Is that ok?”
If user says "yes" then will get user email id or if user says "no" it will reject.
My query is if user says "Thank you" or "fine" then also getting user email id. is it expected behavior? if any document link available for this please share with me.
Yes, this is expected behaviour.
Getting the user's email or other user details is handled via accountlinking. I assume you are using Google Sign-in due to the dialogs that are used. The dialogs that are shown to your user when doing this are handled by Google.
Google has trained these dialogs quite well to make sure that the users details are only shared when the user agrees to it. If they answer the question with something unrelated, the dialog will reprompt automatically to make sure that user details are only shared if the user really means to do that.
The words "Thank you" and "Fine" are close enough to a Yes answer, so Google picks this up as a agreement to sharing the details.
Currently I am capturing the users email and phone when they sign up. Once they are signed up, they log in with their email and password. I would like to change this so they login with their phone and password instead of their email address. What update do I need to make in my custom policies to achieve this?
There is GitHub sample Where you can login users solely on Phone Number and MFA via SMS or Phone Call. This approach is passwordless. Hope this will helps your query
I am trying to implement the email verification system on Parse-Server (/Heroku), when a user account is created; so that the user can confirm his/her account creation.
Things are working well for those matters:
I can create a working account.
The user receives the verification email that is expected.
The problem is this:
When the user clicks on the link inside the verification email. This is what appears in the browser:
{"error":"unauthorized"}
Has anyone seen a similar issue and knows how to solve it?
I have a question about security flow of confirmation link.
I have a website on which you have to fill your email address and password after filing these information my app sends an email with a secure link to user email address. After clicking on confirmation email user automatically gets logged inside the application.
Now question :
Is there a security risk to auto login user on clicking of confirmation link ?
Is there and security risk to auto login user on clicking of confirmation link? Yes and no. It depends on what is in the link. What I would do is I would have two field in database activate_code, that is randomly generated and is_activated which is defaulted to 0. Then I will send a link to activation code and another email with activation link. Once at activation link, user will fill code and account will be activated. redirect him to login page.
Do not send user emails or any other information. just send random codes or something similar
That is my cent!
Yes there is a security concern, as Gumbo points out.
Since the user has provided an email & password, why not require he be logged in to access his confirmation page?