Purpose

Those WS are designed to give the user change the password or in case the password is expired and must be changed.

WS logic

The password can be changed in 2 steps:

• user authorizes in the system using email and old password. In response he receives the change_password_token
• with change_password_token user requests Update User password service and by input "new password" change the old one

Authorize to change the password

1. Apiary: Get token to change the password
2. Scopes: user: change_password
3. If the password is expired this service must still allow user to login and give in response change_password token

Update Password

1. Apiary: Update User password 
2. Receiving a token find user_id and update the password for this user

Next flows are possible 

1. User doesn't have 2fa
   • Request token
   • Update Password
2. User has 2fa and set factor
   • Request token
   • Send OTP
   • Update Password
3. User has 2fa without factor
   • Request token
   • Init factor
     • request_scope: "user:change_password"
   • Send OTP
   • Update Password