Specification
Purpose
This web service lets a registered user exchange a password for a token.
Request parameters
- grant_type
- password
- client_id
- scope
...
Validate grant type
- Check that $.grant_type is in allowed_grant_types for client_id
- in case of error, return 401, "Client is not allowed to issue login token."
- Validate grant_type = "password"
- in case of error return
Validate email
- Check that a user with email = $.email exists in the DB
- in case of error, return 401, "User not found."
- Validate that the user's is_block flag = false
- in case of error, return 401, "User blocked."
Validate password
- Check $.user's password = $.password
- in case of error, return 401, "Identity, password combination is wrong."
Validate scope
- Validate that client_id has scope = $.scope
- in case of error return
Response
- 201 if an access_token with scope "app:authorize" is created
- 4XX in any other case
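
The validation order above, sketched as an added Python example (not part of the original specification or the service's own code). Assumptions: the in-memory CLIENTS and USERS tables, PBKDF2 password storage, a 400 status with placeholder messages where the spec leaves the error unspecified, and unknown client_id handling.

```python
import hashlib
import hmac
import secrets

UNSPECIFIED_4XX = 400  # assumption: the spec only says "4XX" for these cases

def kdf(password, salt):
    # Assumption: the spec does not say how passwords are stored; PBKDF2 is used here.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

# Constructed sample data standing in for the DB and the client registry.
CLIENTS = {
    "web-app": {"allowed_grant_types": {"password"}, "scopes": {"app:authorize"}},
    "batch": {"allowed_grant_types": {"client_credentials"}, "scopes": {"app:authorize"}},
}
SALT = b"constructed-salt"
USERS = {
    "alice@example.com": {"hash": kdf("correct horse", SALT), "salt": SALT, "is_block": False},
    "bob@example.com": {"hash": kdf("correct horse", SALT), "salt": SALT, "is_block": True},
}

def issue_token(req):
    """Apply the spec's checks in order; return (status, body)."""
    # Assumption: an unknown client_id is treated as having no grant types.
    client = CLIENTS.get(req.get("client_id"), {})
    grant_type = req.get("grant_type")
    if grant_type not in client.get("allowed_grant_types", ()):
        return 401, "Client is not allowed to issue login token."
    if grant_type != "password":
        return UNSPECIFIED_4XX, "placeholder: grant_type is not password"
    user = USERS.get(req.get("email"))
    if user is None:
        return 401, "User not found."
    if user["is_block"]:
        return 401, "User blocked."
    # Compare derived keys in constant time instead of comparing plaintext.
    candidate = kdf(str(req.get("password", "")), user["salt"])
    if not hmac.compare_digest(candidate, user["hash"]):
        return 401, "Identity, password combination is wrong."
    if req.get("scope") not in client.get("scopes", ()):
        return UNSPECIFIED_4XX, "placeholder: scope not allowed for client"
    return 201, {"access_token": secrets.token_urlsafe(32), "scope": req["scope"]}
```

The distinct "User not found." and "Identity, password combination is wrong." responses let a caller tell whether an email is registered; the example keeps them only because the specification defines them.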