Post-Password Update Callout

The post-password update callout will be invoked immediately after a successful password update in IBM Security Verify Access. 

This callout conforms to the 'Modifying with PATCH' section (section 3.5.2) of RFC 7644, 'System for Cross-domain Identity Management: Protocol' (https://tools.ietf.org/html/rfc7644#section-3.5.2). The supplied user identity is appended to the configured post-password update endpoint. An example request:

PATCH /Users/2819c223-7f76-453a-919d-413861904646
Host: example.com
Accept: application/scim+json
Content-Type: application/scim+json
Authorization: Bearer h480djs93hd8

{
   "schemas": ["urn:ietf:params:scim:api:messages:2.0:PatchOp"],
   "Operations": [
      {
         "op": "replace",
         "value": { "password": "newPassw0rd" }
      }
   ]
}

If the call is successful, an empty '204' response is returned:

HTTP/1.1 204 No Content
Location: https://www.example.com/Users/2819c223-7f76-453a-919d-413861904646

If the call is unsuccessful, a SCIM error response is returned. The 'detail' field contained in the response is then sent back to the client. The IBM Security Verify Access password update operation is not reverted. The REST service should use the 'Accept-Language' header from the request to determine the locale to use when generating the response. An example error response:

HTTP/1.1 400 Bad Request
Content-Type: application/scim+json

{
   "schemas": ["urn:ietf:params:scim:api:messages:2.0:Error"],
   "scimType": "tooLong",
   "detail": "The password must be at least 8 characters in length.",
   "status": "400"
}
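The receiving side of the exchange described above, as an added example that is not IBM's code: a framework-independent handler that authenticates the bearer token in constant time, extracts the password from the PatchOp body, and returns either the empty 204 or a SCIM error whose 'detail' is localized from 'Accept-Language'. The function names, the message catalogue, the `apply_password` callback and the 401 and 500 statuses are assumptions; the page itself shows only 204 and 400.

```python
import hmac
import json

PATCH_OP = "urn:ietf:params:scim:api:messages:2.0:PatchOp"
ERROR = "urn:ietf:params:scim:api:messages:2.0:Error"
MESSAGES = {  # constructed catalogue, keyed by primary language tag
    "en": {"auth": "Invalid credentials.", "syntax": "Malformed PatchOp request.",
           "sync": "Password sync failed."},
    "de": {"auth": "Ungültige Anmeldedaten.", "syntax": "Fehlerhafte PatchOp-Anfrage.",
           "sync": "Passwortabgleich fehlgeschlagen."},
}

def pick_locale(accept_language):
    """First supported primary language tag in header order, else 'en' (q-values ignored)."""
    for part in (accept_language or "").split(","):
        tag = part.split(";")[0].strip().lower().split("-")[0]
        if tag in MESSAGES:
            return tag
    return "en"

def scim_error(status, key, locale, scim_type=None):
    body = {"schemas": [ERROR], "detail": MESSAGES[locale][key], "status": str(status)}
    body.update({"scimType": scim_type} if scim_type else {})
    return status, {"Content-Type": "application/scim+json"}, json.dumps(body)

def extract_password(body):
    """Return the password from a 'replace' operation, or None if the body is malformed."""
    try:
        doc = json.loads(body)
        if PATCH_OP not in doc["schemas"]:
            return None
        for op in doc["Operations"]:
            value = op.get("value")
            if op.get("op", "").lower() == "replace" and isinstance(value, dict):
                if isinstance(value.get("password"), str):
                    return value["password"] or None
    except (ValueError, KeyError, TypeError, AttributeError):
        pass
    return None

def handle_callout(path, headers, body, expected_token, apply_password):
    locale = pick_locale(headers.get("Accept-Language"))
    supplied = headers.get("Authorization", "").encode()
    if not hmac.compare_digest(supplied, f"Bearer {expected_token}".encode()):
        return scim_error(401, "auth", locale)
    password = extract_password(body)  # keep this value out of logs and error text
    if password is None:
        return scim_error(400, "syntax", locale, "invalidSyntax")
    if not apply_password(path.rsplit("/", 1)[-1], password):  # user id is the last path segment
        return scim_error(500, "sync", locale)
    return 204, {}, ""
```

Because the IBM Security Verify Access password update is not reverted when this endpoint fails, any non-204 result leaves the two stores out of step and should be alerted on without recording the request body.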
