[keycloak-dev] Reset Actions
Stian Thorgersen
sthorger at redhat.com
Fri Nov 27 10:15:54 EST 2015
Should we add it though?
On 27 November 2015 at 16:03, Bill Burke <bburke at redhat.com> wrote:
> Would require the ability to apply a flow to a required action.
>
> On 11/27/2015 3:29 AM, Stian Thorgersen wrote:
> > The new reset actions doesn't require the user to authenticate prior to
> > performing them. Is it not a bit dangerous that the user can change the
> > email address without authentication?
> >
> > For reset password we obviously need to be able to do it without
> > requiring authentication, but shouldn't "bypassing" authentication be
> > limited as much as possible?
> >
> >
> > _______________________________________________
> > keycloak-dev mailing list
> > keycloak-dev at lists.jboss.org
> > https://lists.jboss.org/mailman/listinfo/keycloak-dev
> >
>
> --
> Bill Burke
> JBoss, a division of Red Hat
> http://bill.burkecentral.com
> _______________________________________________
> keycloak-dev mailing list
> keycloak-dev at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-dev
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/keycloak-dev/attachments/20151127/2896f47c/attachment.html
More information about the keycloak-dev
mailing list