A customer fails to reset his or her password due to the error:
Invalid authorization code. Please check spelling and try again.
Procedure to reset customer's password consists of the following steps:
- Customer clicks the link 'Forgot your password' and specifies his or her e-mail address.
- OBAS sends authorization code and confirmation link to the specified e-mail address.
- Customer confirms the e-mail address by clicking the link: http://OBASHostname/cp/login.cgi/act,reset/email,firstname.lastname@example.org/?auth_code=VIifqn3If/UuSkTquoA2KkzMOp
- Customer sets a new password. When customer sets a new password the above error can take place.
This error means that either a wrong authorization code was entered or the code had already been used, which means that the customer had already set a new password but repeated an attempt to enter a new password with the same authorization code.
The customer should request a new authoruzation code for the account and set a new password.
The following entry in the /var/log/hspc/hspc.log file indicates that customer has already set a new password. Once new password is set, current authorization code will not work anymore.
[2012/10/29 15:47:10] [INFO]  [HSPC::MT::Core::Person::save] Try update person, person_id = 2742. Success with person_id = 2742.
Check also if the "Password has been changed for person" event is enabled under
Top > Configuration Director > Event Manager > Events. If it is disabled a customer will not recieve a confirmation e-mail about password changing and probably would continue attempts to set a new password using the same authorization code.