question

Darius Vu avatar image
Darius Vu asked

How do we recovery the password for username?

Dear Team,

I am using the login method using username (not email) and password with PlayFabClientAPI.RegisterPlayFabUser()

But could you tell me how do we recovery the password if an user forgot their password?

As I know, we can reset the password if users use the login method with the email and password. And in case of using an username and password (not email), how can we reset the password?

https://docs.microsoft.com/en-us/rest/api/playfab/client/account-management/sendaccountrecoveryemail?view=playfab-rest

Thank you so much.

10 |1200

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

1 Answer

·
Rick Chen avatar image
Rick Chen answered

The user that did not add email information should not be able to recover their account. Because from the Server point of view, the server cannot determine whether the user is the account owner or other malicious person who happens to know the user’s username. Therefore, it would be better for the user to register account with email so that he can recover his account with email. Otherwise, the user should convince the admin that he is the account owner and let the admin to reset the password for him manually.

6 comments
10 |1200

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

Darius Vu avatar image Darius Vu commented ·

Thank you so much for your answer.

How is about if users who registered by username and password have the same contact email?

For example, parents registered our app using the email and password. And then they created the accounts for their kids using username and password. They also added their email is the contact email in the kid's accounts.

In this case, do they have any way to reset the password of their kid's accounts? Because maybe the server will confuse about the parent's account and kid's accounts because they used the same contact email.

Thank you so much, again.

0 Likes 0 ·
Rick Chen avatar image Rick Chen ♦ Darius Vu commented ·

The contact email is not unique and users can have the same contact email. However, the SendAccountRecoveryEmail API requires an account email, which is different from contact email. The contact email is usually used for sending email notifications to player, but the account email is used for login and it is unique. The server will not get confused by the account email. In your case, children and parent cannot share the same account email. Therefore, either the parent should help the kids to register their own email and associate to their PlayFab account or the parent should convince the admin that the account was their kids’ account and let admin change the password manually.

1 Like 1 ·
Darius Vu avatar image Darius Vu Rick Chen ♦ commented ·

I am thinking about using the reset password function ResetPassword(NewPassword, Token) that uses the Admin API based Azure Function.

https://docs.microsoft.com/en-us/rest/api/playfab/admin/account-management/resetpassword?view=playfab-rest

But it has the problem that the token should be of the player requesting the password reset.

Do we have any way for a parent to use the Admin API based Azure Function to reset password for kid's account?

Thank you so much again.

0 Likes 0 ·
Show more comments

Write an Answer

Hint: Notify or tag a user in this post by typing @username.

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.