[keycloak-user] Admin client

Stian Thorgersen sthorger at redhat.com
Mon Apr 25 09:03:56 EDT 2016


Question - why do you not want OTPs?

On 25 April 2016 at 14:30, Bruno Palermo <palermo at pobox.com> wrote:

> I guess it would be simpler. I will try to hide all the unneeded features,
> such as OTPs, on the template.
>
> Thanks!
>
> ------------------------------
> Date: Mon, 25 Apr 2016 10:45:40 +0200
> Subject: Re: [keycloak-user] Admin client
> From: sthorger at redhat.com
> To: palermo at pobox.com
> CC: keycloak-user at lists.jboss.org
>
>
> There is no manage account API at the moment, we plan on introducing that
> in the future though.
>
> You'd still need to invoke the admin endpoints to do the update password,
> but you should check the token first to make sure the user is actually
> authenticated.
>
> Would it not be simpler to just use our account management console? You
> can hide the features you don't want, but what features are those exactly?
> Do you not want users to be able to update their profile? Do you not want
> to support OTPs?
>
> On 21 April 2016 at 14:42, Bruno Palermo <palermo at pobox.com> wrote:
>
> It's aimed at users on our front-end integration, so we don't need to
> create a new theme since we don't need all the available options from the
> account-management page.
>
> So if the user has a valid access token with manage account role, he will
> be able to make requests to manage account API directly?
>
> ------------------------------
> Date: Thu, 21 Apr 2016 07:31:06 +0200
> From: sthorger at redhat.com
> To: guus.der.kinderen at gmail.com
> CC: keycloak-user at lists.jboss.org
> Subject: Re: [keycloak-user] Admin client
>
>
> -1 That will create a user session. Add login events, etc. It's messy.
>
> What's the purpose of the REST API? Is it aimed at admins? If so they
> shouldn't know the user's password in the first place. If it's aimed at
> users themselves make sure they have a valid access token with the manage
> account role.
>
> On 21 April 2016 at 07:23, Guus der Kinderen <guus.der.kinderen at gmail.com>
> wrote:
>
> Quick-and-dirty workaround: try to authenticate as the user. That will
> either succeed, or fail, which tells you if the provided password was
> correct.
> On 21 Apr 2016 06:43, "Marek Posolda" <mposolda at redhat.com> wrote:
>
> I think the admin client doesn't support this. If you are an admin and you
> want to reset the password of some user, you are not supposed to know the
> user's password anyway. The Keycloak admin console also doesn't need to know
> the existing user password when you want to reset a user's password.
>
> Marek
>
>
> On 21/04/16 00:48, Bruno Palermo wrote:
>
> Hi,
>
> I'm trying to implement a REST API for some basic user actions, like
> change password, and would like to know if there's any way to validate the
> current user password before resetting his password using the provided Java API.
>
> Thanks,
> Bruno
>
>
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
>
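
The check described in the thread (verify the access token and its manage account role before calling the admin endpoint to update the password), as an added example that is not part of the thread or of Keycloak's own code. It assumes RS256-signed access tokens that carry client roles under `resource_access`, the `manage-account` role of the `account` client, a hypothetical realm URL and a constructed demo key. The RSA check uses only the standard library so the block runs offline; a maintained JWT library would normally do that step.

```python
import base64, hashlib, json, time
# DER DigestInfo prefix for SHA-256 (RFC 8017, section 9.2).
SHA256_PREFIX = bytes.fromhex("3031300d060960864801650304020105000420")

def b64d(s):
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))
def b64e(b):
    return base64.urlsafe_b64encode(b).rstrip(b"=").decode()

def pkcs1_em(data, n):
    """EMSA-PKCS1-v1_5 encoding of SHA-256(data), sized for modulus n."""
    k = (n.bit_length() + 7) // 8
    t = SHA256_PREFIX + hashlib.sha256(data).digest()
    return b"\x00\x01" + b"\xff" * (k - len(t) - 3) + b"\x00" + t

def user_allowed_to_change_password(token, n, e, issuer, now=None):
    """Return the token's user id (sub), or raise PermissionError."""
    try:
        h, p, s = token.split(".")
        header, claims, sig = json.loads(b64d(h)), json.loads(b64d(p)), b64d(s)
        if not (isinstance(header, dict) and isinstance(claims, dict)):
            raise ValueError("header and payload must be JSON objects")
    except (AttributeError, ValueError):
        raise PermissionError("malformed token")
    k, sig_int = (n.bit_length() + 7) // 8, int.from_bytes(sig, "big")
    # Pin the algorithm (never trust the header) and verify by encode-and-compare.
    if (header.get("alg") != "RS256" or len(sig) != k or sig_int >= n
            or pow(sig_int, e, n).to_bytes(k, "big") != pkcs1_em(f"{h}.{p}".encode(), n)):
        raise PermissionError("bad signature")
    now = time.time() if now is None else now
    exp = claims.get("exp")
    if claims.get("iss") != issuer or not isinstance(exp, (int, float)) or exp <= now:
        raise PermissionError("wrong issuer or expired")
    try:
        roles = list(claims["resource_access"]["account"]["roles"])
    except (KeyError, TypeError):
        roles = []
    if "manage-account" not in roles or not isinstance(claims.get("sub"), str):
        raise PermissionError("manage-account role or subject missing")
    return claims["sub"]  # act on this id only, never on one taken from the request

# Constructed demo key built from two Mersenne primes: for this example only, not secure.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N, D = P * Q, pow(E, -1, (P - 1) * (Q - 1))
ISSUER = "https://sso.example.test/auth/realms/demo"  # hypothetical realm URL

def make_demo_token(claims):
    h, p = b64e(b'{"alg":"RS256"}'), b64e(json.dumps(claims).encode())
    em = int.from_bytes(pkcs1_em(f"{h}.{p}".encode(), N), "big")
    return f"{h}.{p}." + b64e(pow(em, D, N).to_bytes((N.bit_length() + 7) // 8, "big"))
```

The returned `sub` is the only user id the backend should pass to the admin password update, since the backend's admin credentials could otherwise be used to change another user's password.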