[keycloak-dev] Reset Password changes complete needs review

Nekrasov Aleksandr a.nekrasov at ftc.ru
Tue Jun 14 08:54:57 EDT 2016


Hi!
My case is as follows: we have a mobile project which has no website. For some policy reasons we cannot use any web forms for this project (Keycloak forms too), and the app interacts only with our REST service. When a user resets credentials, he should receive an email with an OTP code (not a link) to enter into the mobile app.
Another reason for not using a link is that the user must stay in the mobile app context.
App context (three-step flow):

1. User clicks "forgot password", enters email and clicks next

2. User sees "enter reset code here", pastes the code from the email and clicks next

3. User enters a new password, clicks "save" and can work with the app

A link breaks this scenario and adds one more context, and the user has to open it in a browser. How can the user trust it? It's more difficult for users in this case.


I would prefer it if the EmailTemplateProvider.sendPasswordReset method had an additional configurable OTP parameter. Then, using my own templates, I could send the user an OTP, a link, or both.


Discussion starts here: http://lists.jboss.org/pipermail/keycloak-dev/2015-August/005092.html

Nekrasov Aleksander,
Developer,
Center of Financial Technologies
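
The three-step flow in the message above, seen from the REST service side, as an added example (not part of the original message and not Keycloak code). It covers what an emailed reset code needs that a link would otherwise provide: a short lifetime, single use, and a cap on guesses. The class name, the 8-digit code length, the TTL and the attempt limit are assumptions.

```python
import hashlib
import hmac
import secrets
import time

CODE_TTL_SECONDS = 600   # assumed validity window for an emailed code
MAX_ATTEMPTS = 5         # assumed number of guesses before the code is voided


class ResetCodeStore:
    """In-memory stand-in for the REST service's storage (hypothetical)."""

    def __init__(self, clock=time.time):
        self._pending = {}   # email -> [salt, digest, expires_at, attempts_left]
        self._clock = clock

    @staticmethod
    def _digest(salt, code):
        return hashlib.sha256(salt + code.encode()).digest()

    def issue(self, email):
        """Step 1: return the code to email; only its salted hash is stored."""
        code = f"{secrets.randbelow(10**8):08d}"
        salt = secrets.token_bytes(16)
        self._pending[email] = [salt, self._digest(salt, code),
                                self._clock() + CODE_TTL_SECONDS, MAX_ATTEMPTS]
        return code   # a new request replaces any earlier code for this email

    def redeem(self, email, code):
        """Step 2: True exactly once for the right code; step 3 may then proceed."""
        entry = self._pending.get(email)
        if entry is None:
            return False
        salt, digest, expires_at, attempts_left = entry
        expired = self._clock() > expires_at
        match = hmac.compare_digest(digest, self._digest(salt, code))
        entry[3] = attempts_left - 1          # every submission costs an attempt
        if expired or match or entry[3] <= 0:
            del self._pending[email]          # expired, used, or budget spent
        return match and not expired
```
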
