/v2/recovery/password/init API only returns one recovery mode at a given time

[sanjulamadurapperuma]

Describe the issue:

It was observed that the recover via challenge questions option in the password-recovery-with-claims-options.jsp page in the accountrecoveryendpoint is not visible when triggering a password recovery flow with the challenge questions connector added in IS v7.0.0. The recovery flow that they follow is password recovery with multi claims as mentioned in [1].

It was also observed that upon one restart of WSO2 Identity Server the following REST API [2] that is being invoked in the above JSP page to determine if the recovery options are enabled or not returns only one recovery mode. Upon another server restart it returns another recovery mode, but not all recovery modes at the same time.

curl --location 'https://<IS_HOSTNAME>/api/users/v2/recovery/password/init' \
--header 'accept: application/json' \
--header 'Content-Type: application/json' \
--header 'Authorization: Basic <auth>' \
--data-raw '{
  "claims": [
    {
      "uri": "http://wso2.org/claims/givenname",
      "value": "<givenname>"
    },
    {
      "uri": "http://wso2.org/claims/emailaddress",
      "value": "<email>"
    },
    {
      "uri": "http://wso2.org/claims/lastname",
      "value": "<lastname>"
    }
  ]
}'

This needs to be fixed.

[1] - https://wso2docs.atlassian.net/wiki/spaces/IS570/pages/38176130/Password+Recovery#:~:text=REST%20APIs.-,Password%20recovery%20using%20multiple%20claims,-This%20feature%20allows
[2] - https://is.docs.wso2.com/en/latest/apis/user-account-recovery-v2-rest-api/#tag/Password-Recovery/operation/initiatePasswordRecovery

---

Optional Fields

Related issues:

Suggested labels: