Add documentation for password reset enforcer and update 7.3.0 release note #6053

Open
NipuniBhagya wants to merge 2 commits into wso2:master from NipuniBhagya:release-note

@NipuniBhagya
Contributor

Purpose

This pull request adds comprehensive documentation and navigation support for the new Password Reset Enforcer connector in WSO2 Identity Server. It introduces new documentation pages, updates navigation, and provides detailed setup, usage, and reference guides for the connector. Additionally, it describes enhancements to password expiry enforcement in the product release notes.

Documentation and Navigation for Password Reset Enforcer:

  • Added new documentation pages for the Password Reset Enforcer connector, including overview, setup, usage, reference, and try-it guides under en/identity-server/next/docs/connectors/password-reset-enforcer/. These pages include content from newly created includes. [1] [2] [3] [4] [5]
  • Created new include files with detailed content for the connector: overview, setup instructions, usage guide (including adaptive script example), reference (event handler configuration, enforcement scope, app native support), and a quick try-it guide. [1] [2] [3] [4] [5]
  • Updated the navigation in mkdocs.yml to add Password Reset Enforcer and its subpages under the connectors section.
  • Added the Password Reset Enforcer icon to the connector list in base.yml for improved UI representation.

Product Release Notes:

  • Updated the release notes to describe enhanced password expiry reset enforcement, including the new enforcement scope options and support for app native authentication flows.

Other Minor Changes:

  • Updated copyright year in base.yml.

Related PRs

Test environment

Security checks

@coderabbitai
Contributor

coderabbitai bot commented Apr 9, 2026

Walkthrough

Added comprehensive documentation and configuration for a new Password Reset Enforcer connector, including navigation updates, five new documentation pages, five include files with detailed content, and release notes describing the connector's features and password expiry enforcement capabilities.

Changes

| Cohort / File(s) | Summary |
|---|---|
| Configuration & Navigation: en/base.yml, en/identity-server/next/mkdocs.yml | Updated copyright header year (2023-2026) and added a Password Reset Enforcer nav icon entry; registered a new Connectors section with five sub-pages in mkdocs navigation. |
| Password Reset Enforcer Documentation Pages: en/identity-server/next/docs/connectors/password-reset-enforcer/overview.md, .../reference.md, .../set-up.md, .../try-it.md, .../usage.md | Added five new pages using templates/connector.html, each including shared content from the corresponding includes files. |
| Password Reset Enforcer Include Files: en/includes/connectors/password-reset-enforcer/overview.md, reference.md, set-up.md, try-it.md, usage.md | Added five include files: overview, reference (TOML handler config and properties), setup/install steps, try-it workflow, and usage guide with enforcement scope and adaptive-script details. |
| Release Notes: en/identity-server/next/docs/get-started/about-this-release.md | Added release note describing "Enforce password expiry for" setting, scope modes (all vs selected application flows), app-native flow support, and passwordResetComplete authentication-context property. |

Suggested labels

Team/Authentication & registration, Team/User & identity administration

🚥 Pre-merge checks | ✅ 3
✅ Passed checks (3 passed)
| Check name | Status | Explanation |
|---|---|---|
| Title check | ✅ Passed | The title clearly and accurately summarizes the main changes: adding documentation for the Password Reset Enforcer connector and updating release notes. |
| Description check | ✅ Passed | The PR description provides comprehensive detail about documentation additions, navigation updates, and release notes changes. However, the description template requires Test environment and Security checks sections, which are present but not filled out. |
| Docstring Coverage | ✅ Passed | No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check. |

Contributor

@coderabbitai coderabbitai bot left a comment

Actionable comments posted: 3

🧹 Nitpick comments (4)
en/includes/connectors/password-reset-enforcer/try-it.md (1)

5-17: Use a numbered list for this procedure.

Lines 5–17 define ordered steps, so format them as a numbered list instead of step headings.

♻️ Suggested edit
-## Step 1: Create a sample application
-
-Create a sample application by following one of the guides under **Get started**.
-
-For example, see [Sample React SPA]({{base_path}}/get-started/try-samples/qsg-spa-react/).
-
-## Step 2: Add Password Reset Enforcer to the login flow
-
-Follow [Usage]({{base_path}}/connectors/password-reset-enforcer/usage/) to add **Password Reset Enforcer** to the application's **Login Flow**.
-
-## Step 3: Test the sign-in behavior
-
-Start a sign-in flow to the application using a user account that has an expired password. {{product_name}} redirects the user to the password reset screen before completing authentication.
+1. Create a sample application by following one of the guides under **Get started**.
+   For example, see [Sample React SPA]({{base_path}}/get-started/try-samples/qsg-spa-react/).
+
+2. Follow [Usage]({{base_path}}/connectors/password-reset-enforcer/usage/) to add **Password Reset Enforcer** to the application's **Login Flow**.
+
+3. Start a sign-in flow to the application using a user account with an expired password.
+   {{product_name}} redirects the user to the password reset screen before completing authentication.
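Review bot: step 3 of the proposed list verifies only that the reset screen appears; add the check that sign-in does not complete until the password is actually reset, and that a user whose password has not expired signs in without the redirect. Without those two checks the procedure cannot distinguish an enforcer that blocks authentication from one that merely displays the screen.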
As per coding guidelines: "Use numbered lists for procedures and ordered steps; use bulleted lists for non-sequential information."
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In `@en/includes/connectors/password-reset-enforcer/try-it.md` around lines 5 -
17, Replace the three "Step X:" headings with a single numbered list so the
procedure is formatted as an ordered sequence: convert "Step 1: Create a sample
application", "Step 2: Add Password Reset Enforcer to the login flow", and "Step
3: Test the sign-in behavior" into list items 1–3, preserving the existing text
and links (e.g., the Sample React SPA link and the Usage link) and keeping the
note about using an expired-password account; ensure numbering is sequential and
remove the individual "Step" headings.
en/includes/connectors/password-reset-enforcer/usage.md (1)

72-72: Hyphenate compound modifier.

Use "app-native" (with hyphen) when it modifies "authentication flows" to follow standard English grammar for compound adjectives.

📝 Proposed fix
-    Password Reset Enforcer supports both redirect-based and app native authentication flows.
+    Password Reset Enforcer supports both redirect-based and app-native authentication flows.

As per coding guidelines: compound modifiers should be hyphenated for clarity.

🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In `@en/includes/connectors/password-reset-enforcer/usage.md` at line 72, Update
the compound modifier in the sentence "Password Reset Enforcer supports both
redirect-based and app native authentication flows." by hyphenating "app native"
to "app-native" so it reads "Password Reset Enforcer supports both
redirect-based and app-native authentication flows." This change ensures the
compound adjective is grammatically correct and consistent with
"redirect-based."
en/includes/connectors/password-reset-enforcer/overview.md (1)

13-13: Use a colon to introduce the list.

When introducing a list or sequence of items, use a colon instead of a comma for clarity.

📝 Suggested fix
-How it works,
+How it works:
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In `@en/includes/connectors/password-reset-enforcer/overview.md` at line 13,
Replace the comma after the heading phrase "How it works," with a colon to
properly introduce the subsequent list or sequence; update the text in
overview.md so the line reads "How it works:" ensuring the colon is used instead
of the comma to improve clarity.
en/identity-server/next/docs/get-started/about-this-release.md (1)

330-331: Hyphenate compound modifier.

Use "app-native" (with hyphen) when it modifies "authentication flows" to follow standard English grammar for compound adjectives.

Note: This change is already included in the trailing spaces fix above.

As per coding guidelines: compound modifiers should be hyphenated for clarity.

🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In `@en/identity-server/next/docs/get-started/about-this-release.md` around lines
330 - 331, The phrase "app native authentication flows" should be updated to
hyphenate the compound modifier: replace occurrences of "app native
authentication flows" with "app-native authentication flows" (look for the exact
string "The Password Reset Enforcer now also supports app native authentication
flows" or the phrase "app native authentication flows" in the document) so the
compound adjective is grammatically correct; ensure spacing and trailing-space
fixes remain intact.
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@en/identity-server/next/docs/get-started/about-this-release.md`:
- Around line 320-328: The release note uses inconsistent enforcement scope
names ("All organization users" and "Specific application login flows"); update
the text to match the reference.md terminology by replacing "All organization
users" with "All application login flows" and "Specific application login flows"
with "Selected application login flows" so the two bullet headings and any
related sentences (the lines containing those exact phrases) use the exact
reference.md terms for consistency.
- Around line 313-330: Remove all trailing whitespace in the Markdown content
around the "Enforce password expiry for" section and the following bullet
paragraphs (the lines ending after "Password Validation", "enabled and the
password reset enforcement feature is activated via configuration.", the bullet
lines for "All organization users (default):" and "Specific application login
flows:", and the line "The Password Reset Enforcer now also supports app
native") so the Markdown linter stops failing; locate those exact text fragments
in about-this-release.md and trim any spaces at the ends of those lines.

In `@en/includes/connectors/password-reset-enforcer/set-up.md`:
- Line 47: Fix the typo in the heading text "Enable the password reset
enforcement scope configurarion (WSO2 Identity Server 7.3 and later)" by
changing "configurarion" to "configuration" so the heading reads "Enable the
password reset enforcement scope configuration (WSO2 Identity Server 7.3 and
later)" — update the heading string in the markdown file where this exact heading
occurs.

ℹ️ Review info
⚙️ Run configuration

Configuration used: Path: .coderabbit.yml

Review profile: CHILL

Plan: Pro

Run ID: 56b01a88-4313-4e98-a76f-0bbefe410eb3

📥 Commits

Reviewing files that changed from the base of the PR and between e2f0113 and dd0eee8.

📒 Files selected for processing (13)
  • en/base.yml
  • en/identity-server/next/docs/connectors/password-reset-enforcer/overview.md
  • en/identity-server/next/docs/connectors/password-reset-enforcer/reference.md
  • en/identity-server/next/docs/connectors/password-reset-enforcer/set-up.md
  • en/identity-server/next/docs/connectors/password-reset-enforcer/try-it.md
  • en/identity-server/next/docs/connectors/password-reset-enforcer/usage.md
  • en/identity-server/next/docs/get-started/about-this-release.md
  • en/identity-server/next/mkdocs.yml
  • en/includes/connectors/password-reset-enforcer/overview.md
  • en/includes/connectors/password-reset-enforcer/reference.md
  • en/includes/connectors/password-reset-enforcer/set-up.md
  • en/includes/connectors/password-reset-enforcer/try-it.md
  • en/includes/connectors/password-reset-enforcer/usage.md

Contributor

@coderabbitai coderabbitai bot left a comment

Actionable comments posted: 1

♻️ Duplicate comments (1)
en/identity-server/next/docs/get-started/about-this-release.md (1)

329-333: ⚠️ Potential issue | 🟡 Minor

Fix hyphenation and tighten wording for readability.

Line 329 should use “app-native”. Also, the sentence spanning Lines 331-333 is long and can be simplified.

✏️ Suggested edit
-The Password Reset Enforcer now also supports app native
-authentication flows in addition to the existing redirect-based flow.
-A new property is introduced in the authentication context to track the
-password reset completion status, enabling adaptive authentication scripts
-to conditionally control subsequent steps in the flow based on the outcome.
+The Password Reset Enforcer now supports app-native authentication flows and redirect-based flows.
+A new authentication-context property tracks password reset completion status. Adaptive authentication scripts can use this value to control the next steps in the flow.
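Review bot: the replacement line "+A new authentication-context property tracks password reset completion status." leaves the property unnamed, as the removed text did; the walkthrough summary for this file calls it passwordResetComplete, so name it in the sentence so script authors know which value to read. It would also help to state what the property holds when the reset was not completed, so a script can deny the next step by default rather than assume success.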

As per coding guidelines: “Use plain language and short sentences.”

🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In `@en/identity-server/next/docs/get-started/about-this-release.md` around lines
329 - 333, Change “app native” to “app-native” in the sentence about the
Password Reset Enforcer, and simplify the long sentence about the new property:
split it into two shorter sentences such as stating that a new property in the
authentication context tracks password reset completion status, and that
adaptive authentication scripts can use that property to conditionally control
subsequent steps; locate these edits around the mentions of "Password Reset
Enforcer" and "authentication context".
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@en/identity-server/next/docs/get-started/about-this-release.md`:
- Around line 317-318: The sentence that currently reads "This setting becomes
available under **Login & Registration** > **Password Validation** when password
expiration is enabled and the password reset enforcement feature is activated
via configuration." should be updated to use "password expiry" instead of
"password expiration" so terminology matches the rest of the document; locate
the sentence (the one beginning "This setting becomes available under **Login &
Registration** > **Password Validation**...") and replace "password expiration"
with "password expiry", and scan the surrounding section for any other instances
of "expiration" to make them consistent with "expiry".

ℹ️ Review info
⚙️ Run configuration

Configuration used: Path: .coderabbit.yml

Review profile: CHILL

Plan: Pro

Run ID: 91d1036e-89a6-4249-946e-7755e6d0951c

📥 Commits

Reviewing files that changed from the base of the PR and between dd0eee8 and 9e6f531.

📒 Files selected for processing (2)
  • en/identity-server/next/docs/get-started/about-this-release.md
  • en/includes/connectors/password-reset-enforcer/set-up.md
✅ Files skipped from review due to trivial changes (1)
  • en/includes/connectors/password-reset-enforcer/set-up.md

Comment on lines +317 to +318
This setting becomes available under **Login & Registration** > **Password Validation** when password expiration is
enabled and the password reset enforcement feature is activated via configuration.
Contributor

⚠️ Potential issue | 🟡 Minor

Keep terminology consistent: use “password expiry” throughout.

Line 317 switches to “password expiration” while the section uses “password expiry.” Please use one term consistently to avoid mixed terminology.

✏️ Suggested edit
-This setting becomes available under **Login & Registration** > **Password Validation** when password expiration is
+This setting becomes available under **Login & Registration** > **Password Validation** when password expiry is

As per coding guidelines: “Use one term per concept; do not switch terminology mid-document.”

Suggested change
This setting becomes available under **Login & Registration** > **Password Validation** when password expiration is
enabled and the password reset enforcement feature is activated via configuration.
This setting becomes available under **Login & Registration** > **Password Validation** when password expiry is
enabled and the password reset enforcement feature is activated via configuration.
🧰 Tools
🪛 GitHub Check: Vale style check

[warning] 317-317:
[vale] reported by reviewdog 🐶
[WSO2-IAM.TooWordy] 'expiration' is too wordy.

Raw Output:
{"message": "[WSO2-IAM.TooWordy] 'expiration' is too wordy.", "location": {"path": "en/identity-server/next/docs/get-started/about-this-release.md", "range": {"start": {"line": 317, "column": 103}}}, "severity": "WARNING"}

@@ -0,0 +1,18 @@
# Password Reset Enforcer
Contributor

Let's add a simple logic diagram here to illustrate the enforcer.

@@ -0,0 +1,17 @@
# Try it
Contributor

This page is unnecessary as it adds no new information.

priorReminderTimeInDays = "0"
```

## Step 3: Enable the authenticator (WSO2 Identity Server 7.0 and later)
Contributor

Don't mention version names here. Since documentation is versioned, only have info related to that version. Can't we use conditions?

enable = true
```

## Step 4: Enable the password reset enforcement scope configuration (WSO2 Identity Server 7.3 and later)
Contributor

Same as comment for the above title.

2. Enable **Password Expiration**.
3. Select the users to whom the password expiry policy should apply using **Enforce password expiry for**.

## Choose the password expiry enforcement scope
Contributor

Shouldn't this be step 1? Or this page doesn't require steps IMO.

@@ -0,0 +1,59 @@
# Reference
Contributor

In this page the titles are not clear. Can you please use verbs in the titles so the action of each section is clear?

@@ -0,0 +1,59 @@
# Reference

## Event handler configuration
Contributor

Someone who's not familiar with the event handler will find this confusing. Can we please add a small intro on what we are configuring here?
