Gift Card Redemption Authentication

Gift Card Redemption - Account Recovery - Email - Subflow

The Gift Card Redemption - Account Recovery - Email - Subflow lets users recover a lost account using an email address.

Purpose

The Gift Card Redemption - Account Recovery - Email - Subflow presents users who have forgotten their password with the ability to reset it using their email address. Users provide and verify their email address. The flow provides a form for the user to enter a new password, then verifies and saves the new password.

Structure

This flow is divided into sections using teleport nodes:

Forgot Password Form

Initializes the variables used in the flow, then presents a custom HTML form on which users can enter their account’s email address. When the user clicks Submit, the flow progresses to the Do Protect Analysis & Send Recovery Code If Applicable section.

Do Protect Analysis & Send Recovery Code If Applicable

The flow progresses to the Threat Detection And Mitigation section. When this section completes, the flow uses a PingOne node to find a user with the specified email address. If the user is found and has a password, PingOne nodes enable the user and send a recovery code, and the flow progresses to the Recovery Code Form section.

Recovery Code Form

Uses a function node to check if the user’s account is enabled and a PingOne node to disable the account if it is enabled. A flow instance variable node then begins tracking the number of recovery attempts, and an HTTP node presents the user with a new password reset form.

  • If the user clicks Submit, the flow progresses to the Verify Password section.

  • If the user clicks Cancel, the flow progresses to the Forgot Password Form section.

  • If the user clicks Resend, the flow progresses to the Resend Recovery Code section.

Verify Password

Uses function nodes to verify that the new password and the confirmed password match and to validate the new password. If either condition isn’t met, it displays an error message. The flow then uses a function node to increment the number of validation attempts and progresses to the Update Password and Show Success Message section.

Update Password And Show Success Message

The number of recovery attempts is compared to the maximum. If it doesn’t exceed the maximum, PingOne nodes enable the user and save the new password.

If the new password isn’t set correctly, a PingOne node disables the user if not already disabled. Function nodes prepare the error details, then an error message displays.

If the new password is set correctly, a PingOne node notifies the user and a success message displays. The flow then progresses to the Return Success section.

Resend Recovery Code

The number of resend attempts is incremented by one and compared to the maximum. If it does not exceed the maximum, a PingOne node sends a new recovery code. A confirmation message is then displayed.

Threat Detection And Mitigation

Uses a function node to check whether PingOne Protect analysis is required.

If PingOne Protect analysis isn’t required, the flow returns to the Do Protect Analysis & Send Recovery Code If Applicable section.

If PingOne Protect analysis is required, the flow uses a PingOne node to look up the user, then invokes the Gift Card Redemption - Threat Detection - Subflow.

If the Gift Card Redemption - Threat Detection - Subflow completes successfully, a function node stores the risk evaluation as a variable, then a second function node branches the flow based on the risk level:

  • If the risk level is low or medium, the flow returns to the previous section.

  • If the risk level is high, function nodes check if the PingOne user ID is empty or if the high risk was the result of a new device. If neither condition is true, PingOne node notifies the user of the suspicious activity. Regardless of conditions, an error message is then displayed.

If the Gift Card Redemption - Threat Detection - Subflow completes unsuccessfully, an error message displays.

Return Success

Sends a success JSON response, indicating that the flow completed successfully. A function node also checks whether the risk evaluation ID is empty and uses a PingOne node to update the risk evaluation if the ID is present.

Return Error

Uses a function node to enrich the error details and sends an error JSON response, indicating that the flow completed unsuccessfully. A function node also checks whether the risk evaluation ID is empty and uses a PingOne node to update the risk evaluation if the ID is present.

Input schema

This flow has the following inputs:

Input Name Required? Description

companyLogo

No

The company logo.

Used only when the main flow was launched using the widget.

protectriskPolicyId

No

The ID of the PingOne Protect risk policy to use in the flow.

username

No

The username of the account being recovered.

resendOtpLimit

Yes

The maximum number of times a user can resend a one-time passcode (OTP).

recoveryLimit

Yes

The maximum number of times a user can attempt to recover an account.

hideBackButton

No

Indicates whether to hide the back button on the Forgot Password form.

Output schema

This flow has the following outputs:

Output Name Description

p1UserId

The user ID of the current user.

subflowResult

The result status of the flow.

authMethod

The authentication method that was configured by the flow.

errorMessage

The error message to display in the parent flow.

errorDetails

The details of the error that occurred in this flow.

Variables

This flow uses the following variables:

Variable Name Description

resendOtpAttempts

The number of times the user has resent an OTP.

recoveryValidationAttempts

The number of times the user has attempted account validation.

protectRiskEvalId

The risk ID of the current user returned by PingOne Protect.