Add documentation for password reset enforcer and update 7.3.0 release note#6053
Merged
NipuniBhagya merged 5 commits intowso2:masterfrom Apr 20, 2026
Merged
Add documentation for password reset enforcer and update 7.3.0 release note#6053NipuniBhagya merged 5 commits intowso2:masterfrom
NipuniBhagya merged 5 commits intowso2:masterfrom
Conversation
Contributor
|
Note Reviews pausedIt looks like this branch is under active development. To avoid overwhelming you with review comments due to an influx of new commits, CodeRabbit has automatically paused this review. You can configure this behavior by changing the Use the following commands to manage reviews:
Use the checkboxes below for quick actions:
No actionable comments were generated in the recent review. 🎉 ℹ️ Recent review info⚙️ Run configurationConfiguration used: Path: .coderabbit.yml Review profile: CHILL Plan: Pro Run ID: ⛔ Files ignored due to path filters (1)
📒 Files selected for processing (1)
🚧 Files skipped from review as they are similar to previous changes (1)
📝 WalkthroughWalkthroughAdded documentation and navigation entries for a new "Password Reset Enforcer" connector and updated a copyright year; created connector overview, set-up, usage, and reference pages and includes; added release notes describing enforcement scope and authentication-context behavior. Changes
Possibly related PRs
Suggested reviewers
🚥 Pre-merge checks | ✅ 2 | ❌ 1❌ Failed checks (1 inconclusive)
✅ Passed checks (2 passed)
✏️ Tip: You can configure your own custom pre-merge checks in the settings. ✨ Finishing Touches🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
![coderabbitai[bot]](https://avatars.githubusercontent.com/in/347564?s=60&v=4){kind=small}
Contributor
There was a problem hiding this comment.
Actionable comments posted: 3
🧹 Nitpick comments (4)
en/includes/connectors/password-reset-enforcer/try-it.md (1)
5-17: Use a numbered list for this procedure.Lines 5–17 define ordered steps, so format them as a numbered list instead of step headings.
As per coding guidelines: "Use numbered lists for procedures and ordered steps; use bulleted lists for non-sequential information."♻️ Suggested edit
-## Step 1: Create a sample application - -Create a sample application by following one of the guides under **Get started**. - -For example, see [Sample React SPA]({{base_path}}/get-started/try-samples/qsg-spa-react/). - -## Step 2: Add Password Reset Enforcer to the login flow - -Follow [Usage]({{base_path}}/connectors/password-reset-enforcer/usage/) to add **Password Reset Enforcer** to the application's **Login Flow**. - -## Step 3: Test the sign-in behavior - -Start a sign-in flow to the application using a user account that has an expired password. {{product_name}} redirects the user to the password reset screen before completing authentication. +1. Create a sample application by following one of the guides under **Get started**. + For example, see [Sample React SPA]({{base_path}}/get-started/try-samples/qsg-spa-react/). + +2. Follow [Usage]({{base_path}}/connectors/password-reset-enforcer/usage/) to add **Password Reset Enforcer** to the application's **Login Flow**. + +3. Start a sign-in flow to the application using a user account with an expired password. + {{product_name}} redirects the user to the password reset screen before completing authentication.🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@en/includes/connectors/password-reset-enforcer/try-it.md` around lines 5 - 17, Replace the three "Step X:" headings with a single numbered list so the procedure is formatted as an ordered sequence: convert "Step 1: Create a sample application", "Step 2: Add Password Reset Enforcer to the login flow", and "Step 3: Test the sign-in behavior" into list items 1–3, preserving the existing text and links (e.g., the Sample React SPA link and the Usage link) and keeping the note about using an expired-password account; ensure numbering is sequential and remove the individual "Step" headings.en/includes/connectors/password-reset-enforcer/usage.md (1)
72-72: Hyphenate compound modifier.Use "app-native" (with hyphen) when it modifies "authentication flows" to follow standard English grammar for compound adjectives.
📝 Proposed fix
- Password Reset Enforcer supports both redirect-based and app native authentication flows. + Password Reset Enforcer supports both redirect-based and app-native authentication flows.As per coding guidelines: compound modifiers should be hyphenated for clarity.
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@en/includes/connectors/password-reset-enforcer/usage.md` at line 72, Update the compound modifier in the sentence "Password Reset Enforcer supports both redirect-based and app native authentication flows." by hyphenating "app native" to "app-native" so it reads "Password Reset Enforcer supports both redirect-based and app-native authentication flows." This change ensures the compound adjective is grammatically correct and consistent with "redirect-based."en/includes/connectors/password-reset-enforcer/overview.md (1)
13-13: Use a colon to introduce the list.When introducing a list or sequence of items, use a colon instead of a comma for clarity.
📝 Suggested fix
-How it works, +How it works:🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@en/includes/connectors/password-reset-enforcer/overview.md` at line 13, Replace the comma after the heading phrase "How it works," with a colon to properly introduce the subsequent list or sequence; update the text in overview.md so the line reads "How it works:" ensuring the colon is used instead of the comma to improve clarity.en/identity-server/next/docs/get-started/about-this-release.md (1)
330-331: Hyphenate compound modifier.Use "app-native" (with hyphen) when it modifies "authentication flows" to follow standard English grammar for compound adjectives.
Note: This change is already included in the trailing spaces fix above.
As per coding guidelines: compound modifiers should be hyphenated for clarity.
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@en/identity-server/next/docs/get-started/about-this-release.md` around lines 330 - 331, The phrase "app native authentication flows" should be updated to hyphenate the compound modifier: replace occurrences of "app native authentication flows" with "app-native authentication flows" (look for the exact string "The Password Reset Enforcer now also supports app native authentication flows" or the phrase "app native authentication flows" in the document) so the compound adjective is grammatically correct; ensure spacing and trailing-space fixes remain intact.
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.
Inline comments:
In `@en/identity-server/next/docs/get-started/about-this-release.md`:
- Around line 320-328: The release note uses inconsistent enforcement scope
names ("All organization users" and "Specific application login flows"); update
the text to match the reference.md terminology by replacing "All organization
users" with "All application login flows" and "Specific application login flows"
with "Selected application login flows" so the two bullet headings and any
related sentences (the lines containing those exact phrases) use the exact
reference.md terms for consistency.
- Around line 313-330: Remove all trailing whitespace in the Markdown content
around the "Enforce password expiry for" section and the following bullet
paragraphs (the lines ending after "Password Validation", "enabled and the
password reset enforcement feature is activated via configuration.", the bullet
lines for "All organization users (default):" and "Specific application login
flows:", and the line "The Password Reset Enforcer now also supports app
native") so the Markdown linter stops failing; locate those exact text fragments
in about-this-release.md and trim any spaces at the ends of those lines.
In `@en/includes/connectors/password-reset-enforcer/set-up.md`:
- Line 47: Fix the typo in the heading text "Enable the password reset
enforcement scope configurarion (WSO2 Identity Server 7.3 and later)" by
changing "configurarion" to "configuration" so the heading reads "Enable the
password reset enforcement scope configuration (WSO2 Identity Server 7.3 and
later) — update the heading string in the markdown file where this exact heading
occurs.
---
Nitpick comments:
In `@en/identity-server/next/docs/get-started/about-this-release.md`:
- Around line 330-331: The phrase "app native authentication flows" should be
updated to hyphenate the compound modifier: replace occurrences of "app native
authentication flows" with "app-native authentication flows" (look for the exact
string "The Password Reset Enforcer now also supports app native authentication
flows" or the phrase "app native authentication flows" in the document) so the
compound adjective is grammatically correct; ensure spacing and trailing-space
fixes remain intact.
In `@en/includes/connectors/password-reset-enforcer/overview.md`:
- Line 13: Replace the comma after the heading phrase "How it works," with a
colon to properly introduce the subsequent list or sequence; update the text in
overview.md so the line reads "How it works:" ensuring the colon is used instead
of the comma to improve clarity.
In `@en/includes/connectors/password-reset-enforcer/try-it.md`:
- Around line 5-17: Replace the three "Step X:" headings with a single numbered
list so the procedure is formatted as an ordered sequence: convert "Step 1:
Create a sample application", "Step 2: Add Password Reset Enforcer to the login
flow", and "Step 3: Test the sign-in behavior" into list items 1–3, preserving
the existing text and links (e.g., the Sample React SPA link and the Usage link)
and keeping the note about using an expired-password account; ensure numbering
is sequential and remove the individual "Step" headings.
In `@en/includes/connectors/password-reset-enforcer/usage.md`:
- Line 72: Update the compound modifier in the sentence "Password Reset Enforcer
supports both redirect-based and app native authentication flows." by
hyphenating "app native" to "app-native" so it reads "Password Reset Enforcer
supports both redirect-based and app-native authentication flows." This change
ensures the compound adjective is grammatically correct and consistent with
"redirect-based."
🪄 Autofix (Beta)
Fix all unresolved CodeRabbit comments on this PR:
- Push a commit to this branch (recommended)
- Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration
Configuration used: Path: .coderabbit.yml
Review profile: CHILL
Plan: Pro
Run ID: 56b01a88-4313-4e98-a76f-0bbefe410eb3
📒 Files selected for processing (13)
en/base.ymlen/identity-server/next/docs/connectors/password-reset-enforcer/overview.mden/identity-server/next/docs/connectors/password-reset-enforcer/reference.mden/identity-server/next/docs/connectors/password-reset-enforcer/set-up.mden/identity-server/next/docs/connectors/password-reset-enforcer/try-it.mden/identity-server/next/docs/connectors/password-reset-enforcer/usage.mden/identity-server/next/docs/get-started/about-this-release.mden/identity-server/next/mkdocs.ymlen/includes/connectors/password-reset-enforcer/overview.mden/includes/connectors/password-reset-enforcer/reference.mden/includes/connectors/password-reset-enforcer/set-up.mden/includes/connectors/password-reset-enforcer/try-it.mden/includes/connectors/password-reset-enforcer/usage.md
Contributor
There was a problem hiding this comment.
Actionable comments posted: 1
♻️ Duplicate comments (1)
en/identity-server/next/docs/get-started/about-this-release.md (1)
329-333:⚠️ Potential issue | 🟡 MinorFix hyphenation and tighten wording for readability.
Line 329 should use “app-native”. Also, the sentence spanning Lines 331-333 is long and can be simplified.
✏️ Suggested edit
-The Password Reset Enforcer now also supports app native -authentication flows in addition to the existing redirect-based flow. -A new property is introduced in the authentication context to track the -password reset completion status, enabling adaptive authentication scripts -to conditionally control subsequent steps in the flow based on the outcome. +The Password Reset Enforcer now supports app-native authentication flows and redirect-based flows. +A new authentication-context property tracks password reset completion status. Adaptive authentication scripts can use this value to control the next steps in the flow.As per coding guidelines: “Use plain language and short sentences.”
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@en/identity-server/next/docs/get-started/about-this-release.md` around lines 329 - 333, Change “app native” to “app-native” in the sentence about the Password Reset Enforcer, and simplify the long sentence about the new property: split it into two shorter sentences such as stating that a new property in the authentication context tracks password reset completion status, and that adaptive authentication scripts can use that property to conditionally control subsequent steps; locate these edits around the mentions of "Password Reset Enforcer" and "authentication context".
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.
Inline comments:
In `@en/identity-server/next/docs/get-started/about-this-release.md`:
- Around line 317-318: The sentence that currently reads "This setting becomes
available under **Login & Registration** > **Password Validation** when password
expiration is enabled and the password reset enforcement feature is activated
via configuration." should be updated to use "password expiry" instead of
"password expiration" so terminology matches the rest of the document; locate
the sentence (the one beginning "This setting becomes available under **Login &
Registration** > **Password Validation**...") and replace "password expiration"
with "password expiry", and scan the surrounding section for any other instances
of "expiration" to make them consistent with "expiry".
---
Duplicate comments:
In `@en/identity-server/next/docs/get-started/about-this-release.md`:
- Around line 329-333: Change “app native” to “app-native” in the sentence about
the Password Reset Enforcer, and simplify the long sentence about the new
property: split it into two shorter sentences such as stating that a new
property in the authentication context tracks password reset completion status,
and that adaptive authentication scripts can use that property to conditionally
control subsequent steps; locate these edits around the mentions of "Password
Reset Enforcer" and "authentication context".
🪄 Autofix (Beta)
Fix all unresolved CodeRabbit comments on this PR:
- Push a commit to this branch (recommended)
- Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration
Configuration used: Path: .coderabbit.yml
Review profile: CHILL
Plan: Pro
Run ID: 91d1036e-89a6-4249-946e-7755e6d0951c
📒 Files selected for processing (2)
en/identity-server/next/docs/get-started/about-this-release.mden/includes/connectors/password-reset-enforcer/set-up.md
✅ Files skipped from review due to trivial changes (1)
- en/includes/connectors/password-reset-enforcer/set-up.md
| @@ -0,0 +1,18 @@ | |||
| # Password Reset Enforcer | |||
Contributor
There was a problem hiding this comment.
Let's add a simple logic diagram here to illustrate the enforcer.
| @@ -0,0 +1,17 @@ | |||
| # Try it | |||
Contributor
There was a problem hiding this comment.
This page is unnecessary as it adds no new information.
| priorReminderTimeInDays = "0" | ||
| ``` | ||
|
|
||
| ## Step 3: Enable the authenticator (WSO2 Identity Server 7.0 and later) |
Contributor
There was a problem hiding this comment.
Don't mention version names here. Since documentation is versioned, only have info related to that version. Can't we use conditions?
| enable = true | ||
| ``` | ||
|
|
||
| ## Step 4: Enable the password reset enforcement scope configuration (WSO2 Identity Server 7.3 and later) |
Contributor
There was a problem hiding this comment.
Same as comment for the above title.
| 2. Enable **Password Expiration**. | ||
| 3. Select the users to whom the password expiry policy should apply using **Enforce password expiry for**. | ||
|
|
||
| ## Choose the password expiry enforcement scope |
Contributor
There was a problem hiding this comment.
Shouldn't this be step 1? Or this page doesn't require steps IMO.
| @@ -0,0 +1,59 @@ | |||
| # Reference | |||
Contributor
There was a problem hiding this comment.
In this page the titles are not clear. Can you please use verbs in the titles so the action of each section is clear?
| @@ -0,0 +1,59 @@ | |||
| # Reference | |||
|
|
|||
| ## Event handler configuration | |||
Contributor
There was a problem hiding this comment.
Someone who's not familiar with the event handler will find this confusing. Can we please add a small intro on what we are configuring here.
Contributor
There was a problem hiding this comment.
Actionable comments posted: 4
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.
Inline comments:
In `@en/identity-server/next/docs/get-started/about-this-release.md`:
- Line 329: Update the sentence that currently reads "The Password Reset
Enforcer now also supports app native" to use the hyphenated compound adjective
"app-native"; locate this text (the phrase "Password Reset Enforcer now also
supports app native") in the document and change it to "app-native" so it
correctly reads "The Password Reset Enforcer now also supports app-native" when
modifying "authentication flows."
In `@en/includes/connectors/password-reset-enforcer/usage.md`:
- Line 72: The sentence in the Password Reset Enforcer documentation uses "app
native authentication flows" without a hyphen; update the compound adjective to
"app-native" so the sentence reads "app-native authentication flows". Locate the
string "Password Reset Enforcer supports both redirect-based and app native
authentication flows." (in the Password Reset Enforcer usage content) and insert
the hyphen between "app" and "native" to make it "app-native"; keep the rest of
the sentence unchanged and run a quick search for any other occurrences of "app
native authentication" to apply the same fix.
- Line 8: Replace the phrase "Enable and configure password expiration in your
organization." with wording that uses the document's consistent term "password
expiry" (e.g., "Enable and configure password expiry in your organization.") so
the line matches other occurrences of "password expiry" used elsewhere in the
document.
- Line 3: The document mixes "password expiration" and "password expiry" —
standardize prose to "password expiry" throughout: replace any lowercase or
sentence-case instances of "password expiration" with "password expiry" (e.g.,
the sentence at line containing "This guide explains how to enforce password
expiration..."), but leave the exact UI label "Password Expiration" (capitalized
and bold) unchanged when it refers to the setting name; ensure every other prose
occurrence (lines that currently read "password expiration") is updated to
"password expiry" for consistency.
🪄 Autofix (Beta)
Fix all unresolved CodeRabbit comments on this PR:
- Push a commit to this branch (recommended)
- Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration
Configuration used: Path: .coderabbit.yml
Review profile: CHILL
Plan: Pro
Run ID: f39f650b-fd7d-4793-a5cb-5abe88251a04
⛔ Files ignored due to path filters (1)
en/identity-server/next/docs/assets/img/connectors/password-reset-enforcer/password-reset-enforcer-overview.pngis excluded by!**/*.png
📒 Files selected for processing (6)
en/identity-server/next/docs/get-started/about-this-release.mden/identity-server/next/mkdocs.ymlen/includes/connectors/password-reset-enforcer/overview.mden/includes/connectors/password-reset-enforcer/reference.mden/includes/connectors/password-reset-enforcer/set-up.mden/includes/connectors/password-reset-enforcer/usage.md
✅ Files skipped from review due to trivial changes (4)
- en/identity-server/next/mkdocs.yml
- en/includes/connectors/password-reset-enforcer/overview.md
- en/includes/connectors/password-reset-enforcer/reference.md
- en/includes/connectors/password-reset-enforcer/set-up.md
Contributor
There was a problem hiding this comment.
♻️ Duplicate comments (1)
en/includes/connectors/password-reset-enforcer/usage.md (1)
65-65:⚠️ Potential issue | 🟡 MinorKeep one term for the same concept: use “password expiry.”
Line 65 switches to “password expiration rules,” while the rest of this page uses “password expiry.”
As per coding guidelines: "Use one term per concept; do not switch terminology mid-document or randomly mix expanded and abbreviated forms."✏️ Proposed fix
-1. Ensure the user account has an expired password based on your configured password expiration rules. +1. Ensure the user account has an expired password based on your configured password expiry rules.🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@en/includes/connectors/password-reset-enforcer/usage.md` at line 65, The document mixes terminology—replace the phrase "password expiration rules" (the sentence "Ensure the user account has an expired password based on your configured password expiration rules.") with "password expiry" terminology to match the rest of the page; update it to read something like "Ensure the user account has an expired password based on your configured password expiry rules" and scan for any other instances of "expiration/expiration rules" and standardize them to "expiry" to keep terminology consistent.
🧹 Nitpick comments (1)
en/includes/connectors/password-reset-enforcer/usage.md (1)
18-20: Use repository-standard login terminology consistently.This file uses
sign-in/sign in, but the repository convention islogin(noun/adjective) andlog in(verb). Please align those occurrences.Based on learnings: "Enforce the established terminology in the wso2/docs-is repository: use 'log in' as the verb and 'login' as the noun/adjective consistently across all Markdown documentation."✏️ Proposed wording update
-- **All application login flows** (default): Applies the password expiry policy to all users during sign-in, regardless of the application they access. For applications with **Password Reset Enforcer** in the login flow, enforcement is triggered inline at the configured step and the organization-wide enforcement is skipped for those applications. +- **All application login flows** (default): Applies the password expiry policy to all users during login, regardless of the application they access. For applications with **Password Reset Enforcer** in the login flow, enforcement is triggered inline at the configured step and the organization-wide enforcement is skipped for those applications. -- **Selected application login flows**: Disables organization-wide password expiry enforcement. Enforces password expiry only when users sign in to applications that explicitly include **Password Reset Enforcer** in the login flow. +- **Selected application login flows**: Disables organization-wide password expiry enforcement. Enforces password expiry only when users log in to applications that explicitly include **Password Reset Enforcer** in the login flow. -2. Start a sign-in flow to the application. +2. Start a login flow for the application.Also applies to: 67-67
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@en/includes/connectors/password-reset-enforcer/usage.md` around lines 18 - 20, The document uses inconsistent terms "sign-in"/"sign in"; update the phrases inside the sections titled "All application login flows" and "Selected application login flows" to use the repository-standard terminology: use "login" for the noun/adjective and "log in" for the verb (e.g., replace "sign in" or "sign-in" with "log in" and keep "login flows" as written); ensure all occurrences in those two paragraphs (and the occurrence noted at line 67) are changed to match this convention.
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.
Duplicate comments:
In `@en/includes/connectors/password-reset-enforcer/usage.md`:
- Line 65: The document mixes terminology—replace the phrase "password
expiration rules" (the sentence "Ensure the user account has an expired password
based on your configured password expiration rules.") with "password expiry"
terminology to match the rest of the page; update it to read something like
"Ensure the user account has an expired password based on your configured
password expiry rules" and scan for any other instances of
"expiration/expiration rules" and standardize them to "expiry" to keep
terminology consistent.
---
Nitpick comments:
In `@en/includes/connectors/password-reset-enforcer/usage.md`:
- Around line 18-20: The document uses inconsistent terms "sign-in"/"sign in";
update the phrases inside the sections titled "All application login flows" and
"Selected application login flows" to use the repository-standard terminology:
use "login" for the noun/adjective and "log in" for the verb (e.g., replace
"sign in" or "sign-in" with "log in" and keep "login flows" as written); ensure
all occurrences in those two paragraphs (and the occurrence noted at line 67)
are changed to match this convention.
ℹ️ Review info
⚙️ Run configuration
Configuration used: Path: .coderabbit.yml
Review profile: CHILL
Plan: Pro
Run ID: ca2d01ed-0122-49ad-9c6b-eca67d8e94b7
📒 Files selected for processing (2)
en/identity-server/next/docs/get-started/about-this-release.mden/includes/connectors/password-reset-enforcer/usage.md
✅ Files skipped from review due to trivial changes (1)
- en/identity-server/next/docs/get-started/about-this-release.md
himeshsiriwardana
approved these changes
Apr 20, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Purpose
This pull request adds comprehensive documentation and navigation support for the new Password Reset Enforcer connector in WSO2 Identity Server. It introduces new documentation pages, updates navigation, and provides detailed setup, usage, and reference guides for the connector. Additionally, it describes enhancements to password expiry enforcement in the product release notes.
Documentation and Navigation for Password Reset Enforcer:
en/identity-server/next/docs/connectors/password-reset-enforcer/. These pages include content from newly created includes. [1] [2] [3] [4] [5]mkdocs.ymlto add Password Reset Enforcer and its subpages under the connectors section.base.ymlfor improved UI representation.Product Release Notes:
Other Minor Changes:
base.yml.Related PRs
Test environment
Security checks