From e5523c969e9c9f391cee41888f4f3ca12fa942a5 Mon Sep 17 00:00:00 2001
From: hsiegeln <37154749+hsiegeln@users.noreply.github.com>
Date: Sat, 11 Apr 2026 10:57:28 +0200
Subject: [PATCH] fix: use correct Logto endpoint for password updates

PATCH /api/users/{id}/password, not /api/users/{id}. The general user
update endpoint rejected the password field with 422.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
---
 .../siegeln/cameleer/saas/identity/LogtoManagementClient.java   | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/main/java/net/siegeln/cameleer/saas/identity/LogtoManagementClient.java b/src/main/java/net/siegeln/cameleer/saas/identity/LogtoManagementClient.java
index 3072a27..96465e7 100644
--- a/src/main/java/net/siegeln/cameleer/saas/identity/LogtoManagementClient.java
+++ b/src/main/java/net/siegeln/cameleer/saas/identity/LogtoManagementClient.java
@@ -402,7 +402,7 @@ public class LogtoManagementClient {
     public void updateUserPassword(String userId, String newPassword) {
         if (!isAvailable()) throw new IllegalStateException("Logto not configured");
         restClient.patch()
-            .uri(config.getLogtoEndpoint() + "/api/users/" + userId)
+            .uri(config.getLogtoEndpoint() + "/api/users/" + userId + "/password")
             .header("Authorization", "Bearer " + getAccessToken())
             .contentType(MediaType.APPLICATION_JSON)
             .body(Map.of("password", newPassword))