I am trying to use crowd's built-in forgot password functionality over my app with spring security.But for this issue I guess I need have my own implementations. I also come accross this discussion which says I can avoid all complexities with dynamic auto-expiring links emails+database stuffs using authentication-flows. Has anyone done it before? What would be the best path forward? Can you share your experience about these?
The authentication-flows module can integrate with different types of DBs. Currently, I have implemented connections to SQL server as well as GAE (gae-datastore).
AFAI understand, you need your own implementation, one that can invoke (REST) calls to Atlassian DB. So there is a need to research what is the API of Atlassian, and what are their capabilities of 'create account', 'forgot password', 'change password' and so on, and of course what is their implementation (do they send emails to users etc).
Note that the authentication-flows delegates the call to the relevant implementation, for example create-account, and it expects the implementation nothing but creating the entry in the DB. So if Atlassian implementation involves with sending e-mails to users upon account-creation, the user will get 2 email: one from Atlassian and the 2nd from auth-flows, and it will be problematic.
EDIT:
After reading CROWD's REST APIs and Resources, is looks doable!