Password Management Guide

Local vs OAuth Accounts

GeoHazardWatch supports two types of user accounts:

🔑 Local Accounts

• Username & Password: Stored locally in the platform
• Password Changes: Can change password through profile page
• Registration: Available through /register page
• Authentication: Direct login with username/password

🌐 OAuth/External Accounts

• External Provider: Managed by OAuth providers (Google, GitHub, etc.)
• No Local Password: Password is managed by the external provider
• Password Changes: Must be done through the OAuth provider's system
• Authentication: Via JWT tokens or OAuth flow

Changing Your Password

For Local Accounts

1. Access Profile: Click your username in the top-right menu → "Profile"
2. Current Password: Enter your current password for verification
3. New Password: Enter your new password (minimum 6 characters)
4. Confirm: Re-enter your new password to confirm
5. Save: Click "Update Profile" to save changes

For OAuth Accounts

OAuth accounts cannot change passwords through the platform interface. To change your password:

1. Visit your OAuth provider's website (Google, GitHub, etc.)
2. Change your password through their account settings
3. The change will automatically apply to your access

Security Features

• Password Validation: Minimum 6 characters required
• Current Password Verification: Must provide current password to change
• Secure Hashing: Passwords are stored using SHA-256 with salt
• Session Management: Secure cookie-based sessions
• External Integration: JWT token support for OAuth providers

Account Types

You can identify your account type on your profile page:

• Local Account: Shows "Local Account" badge and password change form
• OAuth Account: Shows "OAuth/External" badge with provider information

Troubleshooting

"Current password is incorrect"

• Verify you're entering your current password correctly
• Check if your account is a local account (not OAuth)

"Cannot change password for OAuth accounts"

• Your account is managed externally
• Change password through your OAuth provider

Password requirements not met

• Ensure password is at least 6 characters
• Verify new password and confirmation match

Admin Features

Administrators can:

• Reset passwords for local user accounts
• Manage user roles and permissions
• View user account types and login history
• Create new local or external user accounts

For more help, contact your administrator.