Apex Change Password option for end users

Question

I have created an apex application and I have some end users which should log in to the application and use it, I realized that there is not any change password or reset password option for end users !!! How can I add it to login page ?? I have done that based on this link, but the problem is when any username is not entered, it goes to the change password page and after presseing the change password button an internal error box appears !

https://apex-de.blogspot.com/2017/11/change-apexuser-password-for-end-users.html

Answer 1

That page in the blog does not mention a username. And it shouldn't because a user should only be able to set/change a password for himself. Usually there are 2 ways to change a password, both can be implemented together:

• A form that is accessible to any user that is logged in. That way you're sure that the password is changed for the actual user.
• A link on the home page that points to a public form in which the user can enter his email address that is linked to his account. When the form is submitted the user gets an email with a link that contains a unique code that is linked to his email and only valid for x minutes. The email verification is needed to ensure the user that wants to change the password is who he says he is. Clicking on the link allows the user change the password. At no point the password is displayed to the user or emailed to the user.

Both of those can be implemented in apex - the api to change a users password is APEX_UTIL.CHANGE_CURRENT_USER_PW as mentioned in the blog.

The reason that by default there is no password management is that the authentication scheme "Application Express users" is rarely used for production applications. Usually it's social sign in, LDAP, SSO or SAML and "Application Express users" is only there for development purposes.