I wanted to thank the ThingWorx dev team on getting us something that we've been asking for since v4.0: A Reset Password mechanism on the Org login.
We developed our own very similar mechanism with expiring AppKeys and whatnot but there was not a good way to get it on the Org's Form Login page.
But I do have some... suggestions..... for future improvements because as is, it does not really work for us, or any of our existing Devicify customers.
The email text is static, it says it's from Thingworx, and that's fine until you realize that all of our customers' customers have no idea what ThingWorx is. Same with many of ThingWorx customers - they have their own customers they are developing applications for, and those customers don't know or care what ThingWorx is. They just know they are at Website XYZ or Application XYZ. A website with a really bad URL. I digress....
Because of that, I think this should have been done in a slightly different way (and still can be!)
Instead of some behind the scenes email generation script, why not just put an Event on the Organization: ResetPasswordEvent. Or maybe on the MailServer. (Maybe it's a separate ResetPasswordMailserver template that incorporates an additional ThingShape or something to add on any existing MailServer thing.)
And the data coming into the event?
- STRING Appkey that was created
- DATETIME Expiration
- URL for the Reset Password Page
- ORGANIZATION that ResetPassword was fired on
- STRING source (see comment below on other ways to trigger this.)
And then also a Service on the Org, ResetPassword(USERNAME), to start this process via another access method. As of now it looks like the Form Login link is the only way to trigger this.
It also would be nice to have the following configurable on the Organization
- AppKey expiration
- Fields to match on user (instead of just first, last, email)
Using that method, a developer/designer can subscribe to the event and do whatever they want to do, send whatever email via they want the MailServer, or some external thing they've developed or integrated with, and with a larger or smaller Expiration on the app key, and have other options for challenge questions.
Doing it this way does lose the very very easy setup in favor of flexability, like always in software design. But I suspect there would be a way to have a default java service that generates the current email and to have it called via dynamic subscription that is associated on an Orangization's ThingStart() if some property on the Organization (maybe Use Built In ThingWorx Password Reset Email) == true.
Just some ideas, trying to make this stuff better for you guys, our customers, etc. It would be interesting to me to hear from others what you think about this idea - perhaps our customers having their own customers and portals is odd.