[keycloak-dev] Reset Password changes complete needs review

Bill Burke bburke at redhat.com
Thu Aug 20 17:08:14 EDT 2015



On 8/20/2015 10:05 AM, Stian Thorgersen wrote:
> If it makes it easier I think sending a recover password link, but not loging-in the user afterwards is fine.
>

I implemented it so that after you type in the username for Forgot 
Password, it brings you to the login screen with a message "You should 
receive an email with instructions to reset your credentials".  Clicking 
on the link in the email allows you to log in.

I added a fork() method that clones the current ClientSession and resets 
it to follow the browser login flow.  This is called in the email 
authenticator.  I couldn't get around introducing another SPI method.

-- 
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com


More information about the keycloak-dev mailing list