Profile Management
The Profile Management system provides a set of tools that allow an authenticated principal to view and update their own account information.
All operations in this section are self-service, meaning they are performed by a user on their own account.
They require a valid AccessToken for authentication.
Core Functions
The system supports the following key operations for managing a personal profile:
Profile Retrieval
This is accessible to all authenticated principals and can be requested through GET /api/auth/users/me.
You can retrieve the full profile information of the currently authenticated user. This includes personal details and connected identity providers.
Profile Update
This only works for users.
This action is accessible to all authenticated users and can be requested through PUT /api/auth/users/me.
You can update various fields of your profile, such as your username or other non-sensitive information.
Email Management
This only works for users.
The system provides dedicated functionality for changing your email address.
This is a sensitive operation and requires a StepUpToken in addition to your AccessToken.
Changing Email
This only works for users.
Your new email address will undergo a verification process. If email is enabled, a verification token will be sent to the new address. The change will only be finalized once the token is verified. If email is disabled, the change is instant.
This can be requested through PUT /api/auth/users/me/email.
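The pending-until-verified behaviour described above, modelled in Python as an added example; it is not this system's own code. The class and method names, the boolean flags standing in for already-validated AccessToken and StepUpToken checks, storing only a hash of the verification token, and making the token single use are all assumptions.

```python
import hashlib
import hmac
import secrets


class EmailChangeFlow:
    """Constructed model; class, method and field names are assumptions."""

    def __init__(self, email_enabled):
        self.email_enabled = email_enabled
        self.emails = {}    # user id -> confirmed address
        self.pending = {}   # user id -> (new address, SHA-256 hex of token)
        self.outbox = []    # (recipient, token) pairs handed to a mailer stub

    def request_change(self, user_id, new_email, access_ok, step_up_ok):
        # Sensitive operation: both tokens must have been validated upstream.
        if not (access_ok and step_up_ok):
            raise PermissionError("AccessToken and StepUpToken required")
        if not self.email_enabled:
            self.emails[user_id] = new_email  # email disabled: instant change
            return "changed"
        token = secrets.token_urlsafe(32)
        digest = hashlib.sha256(token.encode()).hexdigest()
        self.pending[user_id] = (new_email, digest)  # supersedes older requests
        self.outbox.append((new_email, token))       # sent to the NEW address
        return "pending"

    def verify(self, user_id, token):
        entry = self.pending.get(user_id)
        if entry is None:
            return False
        new_email, digest = entry
        candidate = hashlib.sha256(token.encode()).hexdigest()
        if not hmac.compare_digest(candidate, digest):  # constant-time compare
            return False
        self.emails[user_id] = new_email  # finalized only after verification
        del self.pending[user_id]         # token is single use
        return True


def demo():
    flow = EmailChangeFlow(email_enabled=True)
    flow.emails["u1"] = "old@example.test"           # constructed sample data
    state = flow.request_change("u1", "new@example.test", True, True)
    before = flow.emails["u1"]                        # still the old address
    _, token = flow.outbox[-1]
    wrong = flow.verify("u1", "not-the-token")
    right = flow.verify("u1", token)
    replay = flow.verify("u1", token)
    return state, before, wrong, right, replay, flow.emails["u1"]
```

With email disabled the same request takes the instant branch, so the StepUpToken check is the only control between a valid session and a changed address.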
Password Management
This only works for users.
For security, changing your password is a dedicated process that requires both an AccessToken and a StepUpToken.
Changing Password
This only works for users.
You can set a new password for your account, which must meet the specified password policy (minimum length, character types, etc.).
This can be requested through PUT /api/auth/users/me/password.
Avatar Management
This only works for users.
You can manage your user avatar through two separate actions.
Updating the Avatar
This only works for users.
You can upload a new image to be used as your profile picture.
This can be requested through PUT /api/auth/users/me/avatar.
Deleting the Avatar
This only works for users.
You can remove your current avatar.
This can be requested through DELETE /api/auth/users/me/avatar.
Account Deletion
For security, deleting your own account is a sensitive action that requires a StepUpToken in addition to your AccessToken.
This is a permanent and irreversible action. Upon successful deletion, your session will be terminated and all associated authentication cookies will be cleared from your browser.
This can be requested through DELETE /api/auth/users/me.