question

Jeff Orkin avatar image
Jeff Orkin asked

Users without email need a way to change their password

I have seen the existing threads explaining why you do not yet support any way to change passwords aside from the account recovery email (security risk).  In those threads, there is talk of an API call that takes old password and new password.  Wondering if this is planned to be implemented?

Our use-case is probably not typical for PlayFab.  Some of our users are in K12 educational settings.  We want a teacher to be able to create a group, consisting of 20+ semi-anonymous students (no real identifying info like email addresses stored).  Through the back-end, we were going to enforce all of the student logins are set to the same group password, but we need a way to allow the teacher to manage that password (change it at any time).

Any suggestions on how we can give passwords to accounts without email addresses, and be able to change passwords when needed?  And any plans to implement an API call for updating a password for a user?

Thanks!

Jeff

10 |1200
Toggle Comment visibility. Current Visibility: Viewable by all users

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

3 Answers

·
brendan avatar image
brendan answered

When we started the service, all accounts with passwords had email addresses, which is why the design to date has been that password resets are via email (well, that and the fact that an API method like that runs the risk of allowing for a password change that the user doesn't control or know about - but that sounds like what you intend, in this case). Passwords can be given to accounts on creation, if you're using RegisterPlayFabUser - that function requires either an email address or a Username, by default. We don't have the "change my password" API method on the schedule right now, though there is a backlog item for this - I've added your name to it, so that we can make sure to update you on any change to that status.

1 comment
10 |1200
Toggle Comment visibility. Current Visibility: Viewable by all users

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

cqatproject avatar image cqatproject commented ·

Hi brendan, any update on Change Password api method?

0 Likes 0 ·
Jeff Orkin avatar image
Jeff Orkin answered

Thanks Brendan, that makes sense.  Please do keep me posted on the future status of the "change my password" API method.

One clarification -- you said: "When we started the service, all accounts with passwords had email addresses".  Is there such thing as PlayFab accounts that do not have passwords at all?  Something like that could be a work around for what I'm trying to do.  But if not, I think I have another work around anyway.

10 |1200
Toggle Comment visibility. Current Visibility: Viewable by all users

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

brendan avatar image
brendan answered

Oh, sure! All the Login... calls have a CreateAccount flag - that tells the service to create an account if one doesn't already exist. So you can create an account using any login method we make available - device ID, Facebook, Steam, etc. The only one that requires a password, when creating an account, is RegisterPlayFabUser.

10 |1200
Toggle Comment visibility. Current Visibility: Viewable by all users

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

Write an Answer

Hint: Notify or tag a user in this post by typing @username.

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.