This is a pet project that makes password changes secure for certain people that I know.
This is a rails project: I will assume familiarity with the framework and underlying tooling.
bundle install
Add correct variables to .env. See .env.example for the template.
You can obtain your unique-to-you Trusona credentials at dashboard.trusona.com
Do set TRUSONA_TOKEN and TRUSONA_SECRET environment variables with those credentials.
Additionally, while there, create a Generic OIDC Integration and provide the Client ID to an environment variable named OIDC_CLIENT_ID
Configure your authorized users via ENV['AUTHORIZED_USERS']
This set of users can be dynamically obtained from a database or a remote service. Your choice.
Configure a change-password command that is executed once authorization and authentication have been verified.
This is done via ENV['PASSWD_SH'].
It will receive two arguments in order: the username and the new password
As is standard, it should exit with zero to indicate success and non-zero to indicate failure.
On success, a "your password was changed" email will be sent for confirmation, otherwise not.
Of course, there is an implied assumption that the "username" is an email address. Doh!
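The snippet below is an added illustration of the PASSWD_SH contract and the AUTHORIZED_USERS check described above; it is not code from this project. It assumes AUTHORIZED_USERS is a comma-separated list of email addresses (the README does not fix a format) and uses a constructed stand-in script in place of a real PASSWD_SH. The point it demonstrates: the command is run with an argv array (no shell), so a username or password containing quotes, semicolons or `$(...)` is passed literally rather than interpreted, and the "password changed" email is only triggered when the command exits zero. Actual mail delivery is out of scope here and is represented by the return value.

```ruby
require "open3"
require "tmpdir"

# Assumed format: AUTHORIZED_USERS is a comma-separated list of email addresses.
def authorized_users(env = ENV)
  env.fetch("AUTHORIZED_USERS", "").split(",").map(&:strip).reject(&:empty?)
end

def authorized?(username, env = ENV)
  authorized_users(env).include?(username.to_s.strip)
end

# Runs the configured change-password command with argv, never a shell string,
# so metacharacters in the username or password cannot alter the command.
# Returns true only when the command exits with status 0 (the README contract).
def change_password(username, new_password, env = ENV)
  cmd = env.fetch("PASSWD_SH")
  _out, _err, status = Open3.capture3(cmd, username, new_password)
  # The password is deliberately never logged; only the outcome is.
  warn "passwd command failed for #{username}: exit #{status.exitstatus}" unless status.success?
  status.success?
end

# Full flow: unauthorized users never reach the command; the confirmation
# email (represented by :changed_and_emailed) is only sent on success.
def handle_change_request(username, new_password, env = ENV)
  return :unauthorized unless authorized?(username, env)
  change_password(username, new_password, env) ? :changed_and_emailed : :failed
end

# Constructed stand-in for PASSWD_SH, for offline demonstration only. It
# succeeds when both arguments are non-empty and the user is not "locked".
def demo_passwd_script(dir = Dir.mktmpdir("passwd_sh"))
  path = File.join(dir, "passwd.sh")
  File.write(path, <<~SH)
    #!/bin/sh
    [ -n "$1" ] && [ -n "$2" ] && [ "$1" != "locked@example.com" ]
  SH
  File.chmod(0o700, path)
  path
end

if __FILE__ == $0
  env = { "AUTHORIZED_USERS" => "alice@example.com, locked@example.com",
          "PASSWD_SH" => demo_passwd_script }
  puts handle_change_request("alice@example.com", 'p@ss;$(echo injected)', env)
  puts handle_change_request("mallory@example.com", "anything", env)
end
```

One caveat that follows from the contract itself: because the new password travels as a command-line argument, it is briefly visible to other local users in the process list while the command runs, so the script behind PASSWD_SH should consume it immediately and must not re-expand it through another shell.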
bundle exec rake
bundle exec rails s