How to change password in the auth service?

What is the recommended way to change password for a user using the auth service?

You can use the IUserAuthRepository.UpdateUserAuth() API in your own Service. The last Service in this previous answer has an example.

Existing Users can call the /register Service again (using PUT) whilst their authenticated to update their registration info including password.

Thank you. I can certainly follow the example.

The /register PUT way does not work for me, I am getting this error:

  "ResponseStatus": {
    "ErrorCode": "ValidationException",
    "Message": "Validation failed: \r\n -- Username already exists\r\n -- Email already exists",

You need to be authenticated.

This works if the account is registered with the username.

If the account is created only with email, like with the MySQL backend, then the PUT always requires it.

"ErrorCode": "ValidationException",
"Message": "Validation failed: \r\n -- 'User Name' should not be empty.

Is there any workaround?

You can derive class from OrmLiteAuthRepository and override UpdateUserAuth method to write your own custom logic which updates user without username.

But I wonder why not to create username automatically and set it to the same value as email field has?

You cannot have a username with “@”. Is there a workaround?

Yes, I can subclass or create a new change password method. I just think it should be part of the ServiceStack itself?

ServiceStack uses model where username is a mandatory field. If you need to handle users without user names then you should write your own custom logic or create naming rule where username is distinguishly created from other user fields (such as email) which must be unique in database.

In your particular case with ‘@’ when create user you can replace the symbol to another one which is allowed by username validation rule.

Thank you so much.

I would prefer turning off that validation rule for ‘@’ for the MySQL ServiceStack Authentication. Can you please advise where to start looking?

And also, why is there such a rule in the first place?

You can change UserValidation either by using AuthFeature.IsValidUserName function delegate or by changing validation Regex via AuthFeature.ValidUserNameRegEx