Package com.stytch.sdk.b2b.passwords

Interface Passwords

  • All Implemented Interfaces:
    
public interface Passwords

    The Passwords interface provides methods for authenticating, creating, resetting, and performing strength checks of passwords.

    Stytch supports creating, storing, and authenticating passwords, as well as support for account recovery (password reset) and account deduplication with passwordless login methods.

    Our implementation of passwords has built-in breach detection powered by HaveIBeenPwned on both sign-up and login, to prevent the use of compromised credentials and uses configurable strength requirements (either Dropbox’s zxcvbn or adjustable LUDS) to guide members towards creating passwords that are easy for humans to remember but difficult for computers to crack.

    • Constructor Detail

    • Method Detail

      • authenticate

         abstract StytchResult<PasswordsAuthenticateResponseData> authenticate(Passwords.AuthParameters parameters)

        Authenticate a member with their email address and password. This endpoint verifies that the member has a password currently set, and that the entered password is correct.

        There are two instances where the endpoint will return a reset_password error even if they enter their previous password:

        • The member's credentials appeared in the HaveIBeenPwned dataset. We force a password reset to ensure that the member is the legitimate owner of the email address, and not a malicious actor abusing the compromised credentials.

        • The member used email based authentication (e.g. Magic Links, Google OAuth) for the first time, and had not previously verified their email address for password based login. We force a password reset in this instance in order to safely deduplicate the account by email address, without introducing the risk of a pre-hijack account-takeover attack.

        Parameters:
        parameters - required to authenticate
        Returns:

        PasswordsAuthenticateResponse

      • authenticate

         abstract Unit authenticate(Passwords.AuthParameters parameters, Function1<StytchResult<PasswordsAuthenticateResponseData>, Unit> callback)

        Authenticate a member with their email address and password. This endpoint verifies that the member has a password currently set, and that the entered password is correct.

        There are two instances where the endpoint will return a reset_password error even if they enter their previous password:

        • The member's credentials appeared in the HaveIBeenPwned dataset. We force a password reset to ensure that the member is the legitimate owner of the email address, and not a malicious actor abusing the compromised credentials.

        • The member used email based authentication (e.g. Magic Links, Google OAuth) for the first time, and had not previously verified their email address for password based login. We force a password reset in this instance in order to safely deduplicate the account by email address, without introducing the risk of a pre-hijack account-takeover attack.

        Parameters:
        parameters - required to authenticate
        callback - a callback that receives an PasswordsAuthenticateResponse

      • authenticateCompletable

         abstract CompletableFuture<StytchResult<PasswordsAuthenticateResponseData>> authenticateCompletable(Passwords.AuthParameters parameters)

        Authenticate a member with their email address and password. This endpoint verifies that the member has a password currently set, and that the entered password is correct.

        There are two instances where the endpoint will return a reset_password error even if they enter their previous password:

        • The member's credentials appeared in the HaveIBeenPwned dataset. We force a password reset to ensure that the member is the legitimate owner of the email address, and not a malicious actor abusing the compromised credentials.

        • The member used email based authentication (e.g. Magic Links, Google OAuth) for the first time, and had not previously verified their email address for password based login. We force a password reset in this instance in order to safely deduplicate the account by email address, without introducing the risk of a pre-hijack account-takeover attack.

        Parameters:
        parameters - required to authenticate
        Returns:

        PasswordsAuthenticateResponse

      • resetByEmailStart

         abstract StytchResult<BasicData> resetByEmailStart(Passwords.ResetByEmailStartParameters parameters)

        Initiates a password reset for the email address provided. This will trigger an email to be sent to the address, containing a magic link that will allow them to set a new password and authenticate.

        Parameters:
        parameters - required to reset an account password
        Returns:

        BaseResponse

      • resetByEmailStart

         abstract Unit resetByEmailStart(Passwords.ResetByEmailStartParameters parameters, Function1<StytchResult<BasicData>, Unit> callback)

        Initiates a password reset for the email address provided. This will trigger an email to be sent to the address, containing a magic link that will allow them to set a new password and authenticate.

        Parameters:
        parameters - required to reset an account password
        callback - a callback that receives a BaseResponse

      • resetByEmail

         abstract StytchResult<EmailResetResponseData> resetByEmail(Passwords.ResetByEmailParameters parameters)

        Reset the member’s password and authenticate them. This endpoint checks that the magic link token is valid, hasn’t expired, or already been used. The provided password needs to meet our password strength requirements, which can be checked in advance with the strengthCheck method. If the token and password are accepted, the password is securely stored for future authentication and the member is authenticated.

        Parameters:
        parameters - required to reset an account password
        Returns:

        EmailResetResponse

      • resetByEmail

         abstract Unit resetByEmail(Passwords.ResetByEmailParameters parameters, Function1<StytchResult<EmailResetResponseData>, Unit> callback)

        Reset the member’s password and authenticate them. This endpoint checks that the magic link token is valid, hasn’t expired, or already been used. The provided password needs to meet our password strength requirements, which can be checked in advance with the strengthCheck method. If the token and password are accepted, the password is securely stored for future authentication and the member is authenticated.

        Parameters:
        parameters - required to reset an account password
        callback - a callback that receives an EmailResetResponse

      • resetByEmailCompletable

         abstract CompletableFuture<StytchResult<EmailResetResponseData>> resetByEmailCompletable(Passwords.ResetByEmailParameters parameters)

        Reset the member’s password and authenticate them. This endpoint checks that the magic link token is valid, hasn’t expired, or already been used. The provided password needs to meet our password strength requirements, which can be checked in advance with the strengthCheck method. If the token and password are accepted, the password is securely stored for future authentication and the member is authenticated.

        Parameters:
        parameters - required to reset an account password
        Returns:

        EmailResetResponse

      • resetByExisting

         abstract StytchResult<PasswordResetByExistingPasswordResponseData> resetByExisting(Passwords.ResetByExistingPasswordParameters parameters)

        Reset the member’s password and authenticate them. This endpoint checks that the existing password matches the stored value. The provided password needs to meet our password strength requirements, which can be checked in advance with the password strength endpoint. If the password and accompanying parameters are accepted, the password is securely stored for future authentication and the member is authenticated.

        Parameters:
        parameters - required to reset a member's password
        Returns:

        PasswordResetByExistingPasswordResponse

      • resetByExisting

         abstract Unit resetByExisting(Passwords.ResetByExistingPasswordParameters parameters, Function1<StytchResult<PasswordResetByExistingPasswordResponseData>, Unit> callback)

        Reset the member’s password and authenticate them. This endpoint checks that the existing password matches the stored value. The provided password needs to meet our password strength requirements, which can be checked in advance with the password strength endpoint. If the password and accompanying parameters are accepted, the password is securely stored for future authentication and the member is authenticated.

        Parameters:
        parameters - required to reset a member's password
        callback - a callback that receives an PasswordResetByExistingPasswordResponse

      • resetByExistingCompletable

         abstract CompletableFuture<StytchResult<PasswordResetByExistingPasswordResponseData>> resetByExistingCompletable(Passwords.ResetByExistingPasswordParameters parameters)

        Reset the member’s password and authenticate them. This endpoint checks that the existing password matches the stored value. The provided password needs to meet our password strength requirements, which can be checked in advance with the password strength endpoint. If the password and accompanying parameters are accepted, the password is securely stored for future authentication and the member is authenticated.

        Parameters:
        parameters - required to reset a member's password
        Returns:

        PasswordResetByExistingPasswordResponse

      • resetBySession

         abstract StytchResult<SessionResetResponseData> resetBySession(Passwords.ResetBySessionParameters parameters)

        Reset the member’s password and authenticate them. This endpoint checks that the session is valid and hasn’t expired or been revoked. The provided password needs to meet our password strength requirements, which can be checked in advance with the password strength endpoint. If the password and accompanying parameters are accepted, the password is securely stored for future authentication and the member is authenticated.

        Parameters:
        parameters - required to reset a member's password
        Returns:

        SessionResetResponse

      • resetBySession

         abstract Unit resetBySession(Passwords.ResetBySessionParameters parameters, Function1<StytchResult<SessionResetResponseData>, Unit> callback)

        Reset the member’s password and authenticate them. This endpoint checks that the session is valid and hasn’t expired or been revoked. The provided password needs to meet our password strength requirements, which can be checked in advance with the password strength endpoint. If the password and accompanying parameters are accepted, the password is securely stored for future authentication and the member is authenticated.

        Parameters:
        parameters - required to reset a member's password
        callback - a callback that receives an SessionResetResponse

      • resetBySessionCompletable

         abstract CompletableFuture<StytchResult<SessionResetResponseData>> resetBySessionCompletable(Passwords.ResetBySessionParameters parameters)

        Reset the member’s password and authenticate them. This endpoint checks that the session is valid and hasn’t expired or been revoked. The provided password needs to meet our password strength requirements, which can be checked in advance with the password strength endpoint. If the password and accompanying parameters are accepted, the password is securely stored for future authentication and the member is authenticated.

        Parameters:
        parameters - required to reset a member's password
        Returns:

        SessionResetResponse

      • strengthCheck

         abstract StytchResult<StrengthCheckResponseData> strengthCheck(Passwords.StrengthCheckParameters parameters)

        This method allows you to check whether or not the member’s provided password is valid, and to provide feedback to the member on how to increase the strength of their password.

        Parameters:
        parameters - required to advise on password strength
        Returns:

        PasswordStrengthCheckResponse

      • strengthCheck

         abstract Unit strengthCheck(Passwords.StrengthCheckParameters parameters, Function1<StytchResult<StrengthCheckResponseData>, Unit> callback)

        This method allows you to check whether or not the member’s provided password is valid, and to provide feedback to the member on how to increase the strength of their password.

        Parameters:
        parameters - required to advise on password strength
        callback - a callback that receives a PasswordStrengthCheckResponse

      • strengthCheckCompletable

         abstract CompletableFuture<StytchResult<StrengthCheckResponseData>> strengthCheckCompletable(Passwords.StrengthCheckParameters parameters)

        This method allows you to check whether or not the member’s provided password is valid, and to provide feedback to the member on how to increase the strength of their password.

        Parameters:
        parameters - required to advise on password strength
        Returns:

        PasswordStrengthCheckResponse