Account recovery admin feature

[FlxMgdnz]

As an Admin, I would love a way to initialize an account recovery on behalf of a user.

For that, the ability to change the email address / adding another email address for a user would be beneficial.

Just initiating a passcode wouldn't work because the user wouldn't be at the passcode entry screen. So we could either

• send a plain email to one of the user's email addresses that just asks the user to sign in with this email address at xyz.com or
• Send a passcode email with a link that, if clicked, directs the user to the passcode entry view
• add some form of passlink feature that can authenticate the user directly and trigger a password recovery (if passwords are enabled)

[McPizza0]

Would be good for Admins to make an API call to Hanko, and get the recovery info in the response (passcode, link, token, etc)

The app can handle sending the information on to the user in the most suitable way.

[irby]

I think for password-based flows, the third bullet point is fine since that seems to be standard industry practice.

For non-password based flows, I prefer the first bullet point over the second. Passcodes are initiated when a user enters their email on the login screen and we wouldn't need to construct a separate passcode flow for the recovery process. And, if passkeys are enabled, they can use that form of verification instead of passcodes.

I think both password and non-password based flows would need to be considered for this request.

[FlxMgdnz]

Work on #1051 has started. We'll add the option to add / change a user's email to Hanko Cloud Console based on the new endpoint.