[keycloak-dev] Reset Actions
Stian Thorgersen
sthorger at redhat.com
Mon Nov 30 02:29:19 EST 2015
Ok, let's keep it as is then
On 27 November 2015 at 16:22, Bill Burke <bburke at redhat.com> wrote:
> Its a big change. Would probably have to refactor code a bit too as the
> current flows assumes authentication then required actions.
>
> On 11/27/2015 10:15 AM, Stian Thorgersen wrote:
>
>> Should we add it though?
>>
>> On 27 November 2015 at 16:03, Bill Burke <bburke at redhat.com
>> <mailto:bburke at redhat.com>> wrote:
>>
>> Would require the ability to apply a flow to a required action.
>>
>> On 11/27/2015 3:29 AM, Stian Thorgersen wrote:
>> > The new reset actions doesn't require the user to authenticate
>> prior to
>> > performing them. Is it not a bit dangerous that the user can
>> change the
>> > email address without authentication?
>> >
>> > For reset password we obviously need to be able to do it without
>> > requiring authentication, but shouldn't "bypassing" authentication
>> be
>> > limited as much as possible?
>> >
>> >
>> > _______________________________________________
>> > keycloak-dev mailing list
>> > keycloak-dev at lists.jboss.org <mailto:keycloak-dev at lists.jboss.org>
>> > https://lists.jboss.org/mailman/listinfo/keycloak-dev
>> >
>>
>> --
>> Bill Burke
>> JBoss, a division of Red Hat
>> http://bill.burkecentral.com
>> _______________________________________________
>> keycloak-dev mailing list
>> keycloak-dev at lists.jboss.org <mailto:keycloak-dev at lists.jboss.org>
>> https://lists.jboss.org/mailman/listinfo/keycloak-dev
>>
>>
>>
> --
> Bill Burke
> JBoss, a division of Red Hat
> http://bill.burkecentral.com
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/keycloak-dev/attachments/20151130/c2e01c39/attachment-0001.html
More information about the keycloak-dev
mailing list