[keycloak-user] Admin client

Thu Apr 21 01:31:06 EDT 2016

-1 That will create a user session. Add login events, etc.. It's messy..

What's the purpose of the REST API? Is it aimed at admins? If so they
shouldn't know the users password in the first place. If it's aimed at
users themselves make sure they have a valid access token with the manage
account role.

On 21 April 2016 at 07:23, Guus der Kinderen <guus.der.kinderen at gmail.com>
wrote:

> Quick-and-dirty workaround: try to authenticate as the user. That will
> either succeed, or fail, which tells you if the provided password was
> correct.
> On 21 Apr 2016 06:43, "Marek Posolda" <mposolda at redhat.com> wrote:
>
>> I think the admin client doesn't support this. If you are admin and you
>> want to reset password of some user, you are not supposed to know the
>> password of user anyway. Keycloak admin console also doesn't need to know
>> existing user password when you want to reset password of user.
>>
>> Marek
>>
>>
>> On 21/04/16 00:48, Bruno Palermo wrote:
>>
>> Hi,
>>
>> I'm trying to implement a REST API for some basic user actions, like
>> change password and would like to know if there's any way to validate the
>> current user password before reset his password using the provide java API.
>>
>> Thanks,
>> Bruno
>>
>>
>> _______________________________________________
>> keycloak-user mailing listkeycloak-user at lists.jboss.orghttps://lists.jboss.org/mailman/listinfo/keycloak-user
>>
>>
>>
>> _______________________________________________
>> keycloak-user mailing list
>> keycloak-user at lists.jboss.org
>> https://lists.jboss.org/mailman/listinfo/keycloak-user
>>
>
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/keycloak-user/attachments/20160421/6ef21b85/attachment.html 