diff --git a/packages/core b/packages/core
index 8d3f13b1b7..c255f52c81 160000
--- a/packages/core
+++ b/packages/core
@@ -1 +1 @@
-Subproject commit 8d3f13b1b741fa4a8d83fae61460b9535fa7ee89
+Subproject commit c255f52c811f02d77797c10f8ed1993a6bcc883c
diff --git a/packages/server/appPackages/master/appDefinition.json b/packages/server/appPackages/master/appDefinition.json
index 7feb090949..6c6277ee41 100644
--- a/packages/server/appPackages/master/appDefinition.json
+++ b/packages/server/appPackages/master/appDefinition.json
@@ -1 +1 @@
-{"hierarchy":{"name":"root","type":"root","children":[{"name":"application","type":"record","fields":[{"name":"name","type":"string","typeOptions":{"maxLength":500,"values":null,"allowDeclaredValuesOnly":false},"label":"Name","getInitialValue":"default","getUndefinedValue":"default"},{"name":"domain","type":"string","typeOptions":{"maxLength":500,"values":null,"allowDeclaredValuesOnly":false},"label":"domain","getInitialValue":"default","getUndefinedValue":"default"},{"name":"application_resolve_strategy","type":"string","typeOptions":{"maxLength":100,"values":["domain","path"],"allowDeclaredValuesOnly":true},"label":"Resolve Application By","getInitialValue":"default","getUndefinedValue":"default"}],"children":[{"name":"user","type":"record","fields":[{"name":"unique_name","type":"string","typeOptions":{"maxLength":200,"values":null,"allowDeclaredValuesOnly":false},"label":"Name (unique)","getInitialValue":"default","getUndefinedValue":"default"},{"name":"active","type":"bool","typeOptions":{"allowNulls":false},"label":"Is Active","getInitialValue":"default","getUndefinedValue":"default"},{"name":"instance","type":"reference","typeOptions":{"indexNodeKey":"/applications/1-{id}/allinstances","reverseIndexNodeKeys":["/applications/1-{id}/instances/2-{id}/users_on_this_instance"],"displayValue":"name"},"label":"Instance","getInitialValue":"default","getUndefinedValue":"default"}],"children":[],"validationRules":[],"nodeId":8,"indexes":[],"allidsShardFactor":"64","collectionName":"users","isSingle":false},{"name":"instance","type":"record","fields":[{"name":"name","type":"string","typeOptions":{"maxLength":1000,"values":null,"allowDeclaredValuesOnly":false},"label":"Name","getInitialValue":"default","getUndefinedValue":"default"},{"name":"active","type":"bool","typeOptions":{"allowNulls":false},"label":"Is Active","getInitialValue":"default","getUndefinedValue":"default"},{"name":"version","type":"reference","typeOptions":{"indexNodeKey":"/applications/1-{id}/all_versions","reverseIndexNodeKeys":["/applications/1-{id}/versions/3-{id}/instances_on_this_version"],"displayValue":"name"},"label":"Version","getInitialValue":"default","getUndefinedValue":"default"},{"name":"datastoreconfig","type":"string","typeOptions":{"maxLength":1000,"values":null,"allowDeclaredValuesOnly":false},"label":"Datastore Config","getInitialValue":"default","getUndefinedValue":"default"}],"children":[],"validationRules":[],"nodeId":2,"indexes":[{"name":"users_on_this_instance","type":"index","map":"return {...record};","filter":"","indexType":"reference","getShardName":"","getSortKey":"record.id","aggregateGroups":[],"allowedRecordNodeIds":[],"nodeId":15}],"allidsShardFactor":1,"collectionName":"instances","isSingle":false},{"name":"version","type":"record","fields":[{"name":"name","type":"string","typeOptions":{"maxLength":200,"values":null,"allowDeclaredValuesOnly":false},"label":"Name","getInitialValue":"default","getUndefinedValue":"default"}],"children":[],"validationRules":[],"nodeId":3,"indexes":[{"name":"instances_for_this_version","type":"index","map":"return {name:record.name};","filter":"","indexType":"ancestor","getShardName":"","getSortKey":"record.id","aggregateGroups":[],"allowedRecordNodeIds":[],"nodeId":9},{"name":"instances_on_this_version","type":"index","map":"return {...record};","filter":"","indexType":"reference","getShardName":"","getSortKey":"record.id","aggregateGroups":[],"allowedRecordNodeIds":[],"nodeId":10}],"allidsShardFactor":1,"collectionName":"versions","isSingle":false},{"name":"session","type":"record","fields":[{"name":"created","type":"number","typeOptions":{"minValue":0,"maxValue":99999999999999,"decimalPlaces":0},"label":"Created","getInitialValue":"default","getUndefinedValue":"default"},{"name":"user_json","type":"string","typeOptions":{"maxLength":null,"values":null,"allowDeclaredValuesOnly":false},"label":"User Json","getInitialValue":"default","getUndefinedValue":"default"},{"name":"instanceDatastoreConfig","type":"string","typeOptions":{"maxLength":null,"values":null,"allowDeclaredValuesOnly":false},"label":"Instance Datastore Config","getInitialValue":"default","getUndefinedValue":"default"}],"children":[],"validationRules":[],"nodeId":16,"indexes":[],"allidsShardFactor":1,"collectionName":"sessions","isSingle":false}],"validationRules":[],"nodeId":1,"indexes":[{"name":"allinstances","type":"index","map":"return {...record};","filter":"","indexType":"ancestor","getShardName":"","getSortKey":"record.id","aggregateGroups":[],"allowedRecordNodeIds":[null],"nodeId":6},{"name":"activeinstances","type":"index","map":"return {...record};","filter":"record.active === false","indexType":"ancestor","getShardName":"","getSortKey":"record.id","aggregateGroups":[],"allowedRecordNodeIds":[null],"nodeId":7},{"name":"activeusers","type":"index","map":"return {...record};","filter":"record.active === true","indexType":"ancestor","getShardName":"","getSortKey":"record.id","aggregateGroups":[],"allowedRecordNodeIds":[null],"nodeId":14},{"name":"all_versions","type":"index","map":"return {...record};","filter":"","indexType":"ancestor","getShardName":"","getSortKey":"record.id","aggregateGroups":[],"allowedRecordNodeIds":[null,null,null],"nodeId":9}],"allidsShardFactor":64,"collectionName":"applications","isSingle":false},{"name":"mastersession","type":"record","fields":[{"name":"user_json","type":"string","typeOptions":{"maxLength":10000,"values":null,"allowDeclaredValuesOnly":false},"label":"User Json","getInitialValue":"default","getUndefinedValue":"default"}],"children":[],"validationRules":[],"nodeId":17,"indexes":[],"allidsShardFactor":64,"collectionName":"sessions","isSingle":false}],"pathMaps":[],"indexes":[{"name":"all_applications","type":"index","map":"return {...record};","filter":"","indexType":"ancestor","getShardName":"","getSortKey":"record.id","aggregateGroups":[],"allowedRecordNodeIds":[null],"nodeId":18}],"nodeId":0},"actions":{},"triggers":[]}
\ No newline at end of file
+{"hierarchy":{"name":"root","type":"root","children":[{"name":"application","type":"record","fields":[{"name":"name","type":"string","typeOptions":{"maxLength":500,"values":null,"allowDeclaredValuesOnly":false},"label":"Name","getInitialValue":"default","getUndefinedValue":"default"},{"name":"domain","type":"string","typeOptions":{"maxLength":500,"values":null,"allowDeclaredValuesOnly":false},"label":"domain","getInitialValue":"default","getUndefinedValue":"default"},{"name":"application_resolve_strategy","type":"string","typeOptions":{"maxLength":100,"values":["domain","path"],"allowDeclaredValuesOnly":true},"label":"Resolve Application By","getInitialValue":"default","getUndefinedValue":"default"}],"children":[{"name":"user","type":"record","fields":[{"name":"unique_name","type":"string","typeOptions":{"maxLength":200,"values":null,"allowDeclaredValuesOnly":false},"label":"Name (unique)","getInitialValue":"default","getUndefinedValue":"default"},{"name":"active","type":"bool","typeOptions":{"allowNulls":false},"label":"Is Active","getInitialValue":"default","getUndefinedValue":"default"},{"name":"instance","type":"reference","typeOptions":{"indexNodeKey":"/applications/1-{id}/allinstances","reverseIndexNodeKeys":["/applications/1-{id}/instances/2-{id}/users_on_this_instance"],"displayValue":"name"},"label":"Instance","getInitialValue":"default","getUndefinedValue":"default"}],"children":[],"validationRules":[],"nodeId":8,"indexes":[],"allidsShardFactor":"64","collectionName":"users","isSingle":false},{"name":"instance","type":"record","fields":[{"name":"name","type":"string","typeOptions":{"maxLength":1000,"values":null,"allowDeclaredValuesOnly":false},"label":"Name","getInitialValue":"default","getUndefinedValue":"default"},{"name":"active","type":"bool","typeOptions":{"allowNulls":false},"label":"Is Active","getInitialValue":"default","getUndefinedValue":"default"},{"name":"version","type":"reference","typeOptions":{"indexNodeKey":"/applications/1-{id}/all_versions","reverseIndexNodeKeys":["/applications/1-{id}/versions/3-{id}/instances_on_this_version"],"displayValue":"name"},"label":"Version","getInitialValue":"default","getUndefinedValue":"default"},{"name":"datastoreconfig","type":"string","typeOptions":{"maxLength":1000,"values":null,"allowDeclaredValuesOnly":false},"label":"Datastore Config","getInitialValue":"default","getUndefinedValue":"default"}],"children":[],"validationRules":[],"nodeId":2,"indexes":[{"name":"users_on_this_instance","type":"index","map":"return {...record};","filter":"","indexType":"reference","getShardName":"","getSortKey":"record.id","aggregateGroups":[],"allowedRecordNodeIds":[],"nodeId":15}],"allidsShardFactor":1,"collectionName":"instances","isSingle":false},{"name":"version","type":"record","fields":[{"name":"name","type":"string","typeOptions":{"maxLength":200,"values":null,"allowDeclaredValuesOnly":false},"label":"Name","getInitialValue":"default","getUndefinedValue":"default"}],"children":[],"validationRules":[],"nodeId":3,"indexes":[{"name":"instances_for_this_version","type":"index","map":"return {name:record.name};","filter":"","indexType":"ancestor","getShardName":"","getSortKey":"record.id","aggregateGroups":[],"allowedRecordNodeIds":[],"nodeId":9},{"name":"instances_on_this_version","type":"index","map":"return {...record};","filter":"","indexType":"reference","getShardName":"","getSortKey":"record.id","aggregateGroups":[],"allowedRecordNodeIds":[],"nodeId":10}],"allidsShardFactor":1,"collectionName":"versions","isSingle":false},{"name":"session","type":"record","fields":[{"name":"created","type":"number","typeOptions":{"minValue":0,"maxValue":99999999999999,"decimalPlaces":0},"label":"Created","getInitialValue":"default","getUndefinedValue":"default"},{"name":"user_json","type":"string","typeOptions":{"maxLength":null,"values":null,"allowDeclaredValuesOnly":false},"label":"User Json","getInitialValue":"default","getUndefinedValue":"default"},{"name":"instanceDatastoreConfig","type":"string","typeOptions":{"maxLength":null,"values":null,"allowDeclaredValuesOnly":false},"label":"Instance Datastore Config","getInitialValue":"default","getUndefinedValue":"default"}],"children":[],"validationRules":[],"nodeId":16,"indexes":[],"allidsShardFactor":1,"collectionName":"sessions","isSingle":false}],"validationRules":[],"nodeId":1,"indexes":[{"name":"allinstances","type":"index","map":"return {...record};","filter":"","indexType":"ancestor","getShardName":"","getSortKey":"record.id","aggregateGroups":[],"allowedRecordNodeIds":[null],"nodeId":6},{"name":"activeinstances","type":"index","map":"return {...record};","filter":"record.active === false","indexType":"ancestor","getShardName":"","getSortKey":"record.id","aggregateGroups":[],"allowedRecordNodeIds":[null],"nodeId":7},{"name":"activeusers","type":"index","map":"return {...record};","filter":"record.active === true","indexType":"ancestor","getShardName":"","getSortKey":"record.id","aggregateGroups":[],"allowedRecordNodeIds":[null],"nodeId":14},{"name":"all_versions","type":"index","map":"return {...record};","filter":"","indexType":"ancestor","getShardName":"","getSortKey":"record.id","aggregateGroups":[],"allowedRecordNodeIds":[null,null,null],"nodeId":9},{"name":"user_name_lookup","type":"index","map":"return {name:record.name, instanceDatastoreConfig:instance.datastoreconfig};","filter":"","indexType":"ancestor","getShardName":"record.name.substring(0,1)","getSortKey":"record.id","aggregateGroups":[],"allowedRecordNodeIds":[null],"nodeId":19}],"allidsShardFactor":64,"collectionName":"applications","isSingle":false},{"name":"mastersession","type":"record","fields":[{"name":"user_json","type":"string","typeOptions":{"maxLength":10000,"values":null,"allowDeclaredValuesOnly":false},"label":"User Json","getInitialValue":"default","getUndefinedValue":"default"}],"children":[],"validationRules":[],"nodeId":17,"indexes":[],"allidsShardFactor":64,"collectionName":"sessions","isSingle":false}],"pathMaps":[],"indexes":[{"name":"all_applications","type":"index","map":"return {...record};","filter":"","indexType":"ancestor","getShardName":"","getSortKey":"record.id","aggregateGroups":[],"allowedRecordNodeIds":[null],"nodeId":18}],"nodeId":0},"actions":{},"triggers":[]}
\ No newline at end of file
diff --git a/packages/server/middleware/routers.js b/packages/server/middleware/routers.js
index 2bee5fd9d4..fbb8020f43 100644
--- a/packages/server/middleware/routers.js
+++ b/packages/server/middleware/routers.js
@@ -35,10 +35,27 @@ module.exports = (config, app) => {
         ctx.response.status = StatusCodes.OK;
     })
     .post("/:appname/api/setPasswordFromTemporaryCode", async (ctx) => {
-        
+        const instanceApi = await ctx.master.getFullAccessInstanceApiForUsername(
+            ctx.params.appname,
+            ctx.request.body.username
+        );
+
+        await instanceApi.authApi.setPasswordFromTemporaryCode(
+            ctx.request.body.tempCode,
+            ctx.request.body.newpassword); 
+
+        ctx.response.status = StatusCodes.OK;
     })
     .post("/:appname/api/createTemporaryAccess", async (ctx) => {
+        const instanceApi = await ctx.master.getFullAccessInstanceApiForUsername(
+            ctx.params.appname,
+            ctx.request.body.username
+        );
+
+        await instanceApi.authApi.createTemporaryAccess(
+            ctx.request.body.username);
         
+        ctx.response.status = StatusCodes.OK;
     })
     .use(async (ctx, next) => {
 
diff --git a/packages/server/utilities/masterAppInternal.js b/packages/server/utilities/masterAppInternal.js
index 7c60581d3b..6d99842f73 100644
--- a/packages/server/utilities/masterAppInternal.js
+++ b/packages/server/utilities/masterAppInternal.js
@@ -123,14 +123,45 @@ module.exports = async (config) => {
             const instanceDatastore = getInstanceDatastore(session.instanceDatastoreConfig)
             return await getApisForSession(instanceDatastore, session);
         }
-    }
+    };
+
+    const getFullAccessInstanceApiForUsername = async (appname, username) => {
+
+        if(isMaster(appname)) {
+            const user = bb.authApi.getUsers()
+                                   .find(u => u.name === username);
+            if(!user) return;
+            if(!user.enabled) return;
+            return user;
+        }
+        else {
+            const app = await getApplication(appname);
+            const matches = bb.indexApi.listItems(
+                `/applications/${app.id}/user_name_lookup`,
+                {
+                    rangeStartParams:{name:username}, 
+                    rangeEndParams:{name:username}, 
+                    searchPhrase:`name:${username}`
+                }
+            );
+            if(matches.length !== 1) return;
+
+            const instanceDatastore = getInstanceDatastore(
+                matches[0].instanceDatastoreConfig);
+
+            return await getApisWithFullAccess(instanceDatastore);
+        }
+
+    };
 
     return ({
         getApplication,
         getSession,
         deleteSession, 
         authenticate,
-        getInstanceApiForSession
+        getInstanceApiForSession,
+        getFullAccessInstanceApiForUsername,
+        createTemporaryAccessCode
     });
 
 }
\ No newline at end of file