[keycloak-dev] Adding a validate password endpoint in the Admin API

Stian Thorgersen sthorger at redhat.com
Tue Jun 27 04:43:36 EDT 2017

I think the flow of allowing admins to set the users passwords are a bit
broken in the first place. No-one should know a users password, but
themselves. A better flow would be to send a password-reset link to users
through email and let them set the initial password themselves.

However, I can see that might not work for everyone so I don't feel to
strongly about not accepting this change. Let's see what others think about

On 27 June 2017 at 09:03, Wim Vandenhaute <wim.vandenhaute at gmail.com> wrote:

> Hello list,
> Via an admin portal of a customer I am working for, they provide a feature
> where an admin can edit the user's data, including setting a new password.
> For the sake of atomicity, all update steps first go through a series of
> validations for all modified data before actually committing the changes
> and (if needed) updating the keycloak password
> At the moment, there is no way to pre-update do a validity check of the
> updated password against keycloak's configured password policy(ies)
> Therefor I would propose to have a validate-password endpoint in the Admin
> API.
> I've made a pull request already here:
>   *  https://github.com/keycloak/keycloak/pull/4229
> Any thoughts on this?
> Kind regards,
> Wim
> _______________________________________________
> keycloak-dev mailing list
> keycloak-dev at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-dev

More information about the keycloak-dev mailing list