🔒 Password Expiry Handling – REL-ID SDK Overview

📘 Purpose

The REL-ID SDK includes built-in support to detect when a user's password has expired and provides a secure method for resetting the password using the updatePassword API. This ensures users can recover access without administrative intervention while maintaining security compliance.

🔄 Scenario : Password Expired

1. Automatic Trigger: SDK auto-triggers getPassword event upon login with challenge mode RDNA_OP_UPDATE_ON_EXPIRY (4).
2. App Action: Prompt user to enter current and new passwords.
3. API Call: updatePassword(currentPassword, newPassword, 4)
4. SDK Response:
   • Immediate onUpdateCredentialResponse for success/failure.
   • On success, triggers onUserLoggedIn .
   
   

🛡️ Password Expiry Workflow

flowchart TD
A((🟡 A)) --> B([<b>A</b> is the point where user is activated with Password.])

   subgraph preLogin[Pre-Login Workflow]
      B --> normalLoginWorkflow([Normal Login WorkFlow])
      normalLoginWorkflow --> getUser(["getUser()"])
      getUser --> setUser(["setUser(&lt;userId&gt;)"])
      setUser --> getPassword(["getPassword()[pwdChlngMode: 0]"])
      getPassword --> setPassword(["setPassword(&lt;pwd, chlngMode&gt;)"])
      setPassword --> isPasswordExpired{Is Password Expired?}
			isPasswordExpired -->|YES| getPasswordExpired(["getPassword()[pwdChlngMode: 4]"])
      isPasswordExpired -->|NO| onUserLoggedIn(["onUserLoggedIn()<br>(On Dashboard Screen)"])
      getPasswordExpired --> updatePassword(["updatePassword(&lt;currentPwd, newPwd, chlngMode&gt;)"])
			updatePassword --> onUserLoggedIn(["onUserLoggedIn()<br>(On Dashboard Screen)"])
  end
  subgraph postLogin[Post-Login Workflow]
      onUserLoggedIn --> updatePasswordWorkflow([Update Password WorkFlow])
      updatePasswordWorkflow --> getPasswordPostLogin(["getPassword()[pwdChlngMode: 2]"])
      getPasswordPostLogin --> updatePasswordPostLogin(["updatePassword(&lt;currentPwd, newPwd, chlngMode&gt;)"])
      updatePasswordPostLogin --> onUpdateCredentialResponse(["onUpdateCredentialResponse()"])
			onUpdateCredentialResponse --> isPasswordExpiredPostLogin{Is Current Password Expired?}
			isPasswordExpiredPostLogin -->|YES| getUserPostLogin(["getUser()<br>(App redirects to Login Screen)"])
      isPasswordExpiredPostLogin -->|NO| onDashboard(["On Dashboard Screen"]) 
end

    style getUser fill:#d4fdd4,stroke:#228b22,stroke-width:2px
    style getPassword fill:#d4fdd4,stroke:#228b22,stroke-width:2px
    style getPasswordExpired fill:#d4fdd4,stroke:#228b22,stroke-width:2px
    style onUserLoggedIn fill:#d4fdd4,stroke:#228b22,stroke-width:2px
    style getPasswordPostLogin fill:#d4fdd4,stroke:#228b22,stroke-width:2px
    style onUpdateCredentialResponse fill:#d4fdd4,stroke:#228b22,stroke-width:2px
    style getUserPostLogin fill:#d4fdd4,stroke:#228b22,stroke-width:2px
    style onDashboard fill:#d4fdd4,stroke:#228b22,stroke-width:2px


    style setUser fill:#ffe4b3,stroke:#ff8c00,stroke-width:2px
    style setPassword fill:#ffe4b3,stroke:#ff8c00,stroke-width:2px
    style updatePassword fill:#ffe4b3,stroke:#ff8c00,stroke-width:2px
    style updatePasswordPostLogin fill:#ffe4b3,stroke:#ff8c00,stroke-width:2px


    style normalLoginWorkflow fill:#e1d5e7,stroke:#9673a6,stroke-width:2px
    style updatePasswordWorkflow fill:#e1d5e7,stroke:#9673a6,stroke-width:2px

🟩 Green - Callbacks issued by REL-ID SDK
🟧 Orange - APIs invoked by the Client App