[keycloak-user] Login user action lifespan

Stian Thorgersen stian at redhat.com
Thu Jul 16 07:49:16 EDT 2015


Does it seem that it is valid, or is it valid? It should only be usable once.

----- Original Message -----
> From: "Niko Köbler" <niko at n-k.de>
> To: keycloak-user at lists.jboss.org
> Sent: Thursday, 16 July, 2015 1:45:43 PM
> Subject: [keycloak-user] Login user action lifespan
> 
> Hi,
> 
> you can set the "login user action lifespan" in realm settings for the time
> the link is valid for a user to set a password (or other tasks).
> This link seems to be valid and working even if the user has clicked on it
> and has done the tasks.
> 
> Is it possible to configure this link to be valid only once during its
> lifespan? Or at least to be invalid as soon as the user has set his
> password/done the login actions?
> Otherwise this link could be used to change the password again, after the
> user has already set his password - possibly by third persons who got
> to know of this link. May be a security issue?
> 
> Thanks & regards,
> - Niko
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
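
The difference between an action link that is only time-limited and one that is also consumed on first use, as an added example that is not part of the original thread and is not Keycloak's code. The `ActionLinkStore` class, its method names, the 300-second lifespan and the sample users are hypothetical.

```python
import hashlib
import secrets
import threading
import time


class ActionLinkStore:
    """Hypothetical server-side store for action links (not Keycloak code)."""

    def __init__(self, lifespan_seconds, clock=time.monotonic):
        self.lifespan = lifespan_seconds
        self.clock = clock
        self._pending = {}  # sha256(token) -> (user, expires_at)
        self._lock = threading.Lock()

    @staticmethod
    def _digest(token):
        # Keep only a hash so a leaked store does not reveal usable links.
        return hashlib.sha256(token.encode()).hexdigest()

    def issue(self, user):
        token = secrets.token_urlsafe(32)
        with self._lock:
            self._pending[self._digest(token)] = (user, self.clock() + self.lifespan)
        return token

    def check_lifespan_only(self, token):
        """Weak variant: accepted until expiry, however often it is presented."""
        with self._lock:
            entry = self._pending.get(self._digest(token))
        if entry is None or self.clock() >= entry[1]:
            return None
        return entry[0]

    def redeem_once(self, token):
        """Hardened variant: remove the entry atomically, then check expiry."""
        with self._lock:
            entry = self._pending.pop(self._digest(token), None)
        if entry is None or self.clock() >= entry[1]:
            return None
        return entry[0]


def demo():
    now = [0.0]  # constructed clock so the demo is deterministic
    store = ActionLinkStore(300, clock=lambda: now[0])
    link = store.issue("alice")  # constructed user name
    replayable = [store.check_lifespan_only(link) for _ in range(2)]
    single_use = [store.redeem_once(link) for _ in range(2)]
    late = store.issue("bob")
    now[0] = 301.0  # past the 300 s lifespan
    return replayable, single_use, store.redeem_once(late)
```
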


