[keycloak-user] Is there a REST Admin API to initiate the Reset Password flow?

Stian Thorgersen sthorger at redhat.com
Wed Feb 3 03:07:01 EST 2016 

There is an admin api to set password reset email, verify email and other
required actions, including custom actions, can be triggered with this api
as well.

On 3 February 2016 at 07:10, Lohitha Chiranjeewa <kalc04 at gmail.com> wrote:

> Hey Stian, let me re-track what I've been trying to say here....
>
> My first query was to check with you guys if there was an admin API to
> trigger the reset-password email. Seems there is no such API. However,
> there is an admin API to just reset the password without email verification
> (
> http://keycloak.github.io/docs/rest-api/index.html#_set_up_a_temporary_password_for_the_user
> ).
>
> My follow-up concern was that since there is an admin API to trigger the
> verification email (
> http://keycloak.github.io/docs/rest-api/index.html#_send_an_email_verification_email_to_the_user),
> it would have been consistent if there was an admin API to send the
> reset-password email as well.
>
> Hope this clarifies the misunderstanding.
>
>
> Regards,
> Lohitha.
>
> On Tue, Feb 2, 2016 at 2:19 PM, Stian Thorgersen <sthorger at redhat.com>
> wrote:
>
>> Have no idea what you are saying.
>>
>> We don't have any API outside of the admin endpoints that do password
>> reset, register email or anything else like that. For the admin endpoints
>> we have a very flexibly endpoint that lets you send exactly what actions
>> you want.
>>
>> On 1 February 2016 at 19:00, Lohitha Chiranjeewa <kalc04 at gmail.com>
>> wrote:
>>
>>> Hi Stian,
>>>
>>> I was referring to a potential API endpoint which actually sends out the
>>> password reset email (there's a similar API which sends out the
>>> registration email), not the existing one which just resets the password.
>>>
>>>
>>> Regards,
>>> Lohitha.
>>>
>>> On Mon, Feb 1, 2016 at 3:53 PM, Stian Thorgersen <sthorger at redhat.com>
>>> wrote:
>>>
>>>>
>>>>
>>>> On 28 January 2016 at 08:41, Lohitha Chiranjeewa <kalc04 at gmail.com>
>>>> wrote:
>>>>
>>>>> Thanks Fabricio, will check on how we can proceed with such an
>>>>> implementation.
>>>>>
>>>>> Since there is an already existing registration-email API, I thought
>>>>> it's consistent from Keycloak's perspective to expose a reset-password API
>>>>> as well...
>>>>>
>>>>
>>>> Not sure what you refer to, but there are no APIs for these actions
>>>> outside of the admin endpoints.
>>>>
>>>>
>>>>>
>>>>>
>>>>> Regards,
>>>>> Lohitha.
>>>>>
>>>>> On Thu, Jan 28, 2016 at 2:31 AM, Fabricio Milone <
>>>>> fabricio.milone at shinetech.com> wrote:
>>>>>
>>>>>> Hi Lohitha,
>>>>>>
>>>>>> I had the same requirements (Direct grant + forgotten password) and
>>>>>> ended up implementing a SPI using some piece of code made by Pedro Igor.
>>>>>>
>>>>>> An extract of the DEV Mailing list called: "*Add custom REST paths?
>>>>>> New SPI?*"
>>>>>>
>>>>>> *It is part of a working in progress around fine-grained
>>>>>>> authorization [1].*
>>>>>>> *The new SPI changes [2] specific to Keycloak are located in a
>>>>>>> specific branch [3] in my Keycloak fork.*
>>>>>>
>>>>>>
>>>>>>> *I need to discuss these changes with Bill and see what he thinks
>>>>>>> about it. Depending on his feedback, I can prepare a PR and send these
>>>>>>> changes to upstream.*
>>>>>>
>>>>>>
>>>>>>>
>>>>>>> *[1] https://github.com/pedroigor/keycloak-authz
>>>>>>> <https://github.com/pedroigor/keycloak-authz>*
>>>>>>> *[2]
>>>>>>> https://github.com/pedroigor/keycloak/commit/5e99614aacb70f7840a5ae25cfeaf3fc9d74ac54
>>>>>>> <https://github.com/pedroigor/keycloak/commit/5e99614aacb70f7840a5ae25cfeaf3fc9d74ac54>**[3]
>>>>>>> https://github.com/pedroigor/keycloak/tree/keycloak-authz-modified
>>>>>>> <https://github.com/pedroigor/keycloak/tree/keycloak-authz-modified>*
>>>>>>
>>>>>>
>>>>>>
>>>>>> Not sure if Keycloak will ever adopt those changes as official or
>>>>>> something similar though.
>>>>>>
>>>>>> That's a good starting point.
>>>>>>
>>>>>> Regards
>>>>>>
>>>>>> On 27 January 2016 at 21:19, Stian Thorgersen <sthorger at redhat.com>
>>>>>> wrote:
>>>>>>
>>>>>>> There is in the admin endpoints, but nothing that's available to
>>>>>>> end-users.
>>>>>>>
>>>>>>> On 22 January 2016 at 06:45, Lohitha Chiranjeewa <kalc04 at gmail.com>
>>>>>>> wrote:
>>>>>>>
>>>>>>>> Hi,
>>>>>>>>
>>>>>>>> There are a few clients of ours who use the Direct Grants API to
>>>>>>>> authenticate their users. A requirement has come up to provide the Reset
>>>>>>>> Password flow to those clients. From what I've checked and gathered,
>>>>>>>> there's no REST API to initiate this flow (sending the Keycloak password
>>>>>>>> reset email + resetting the password through the UI); only way to do is
>>>>>>>> through the browser.
>>>>>>>>
>>>>>>>> If it's actually there somewhere, can someone point me to it?
>>>>>>>>
>>>>>>>>
>>>>>>>> Regards,
>>>>>>>> Lohitha.
>>>>>>>>
>>>>>>>> _______________________________________________
>>>>>>>> keycloak-user mailing list
>>>>>>>> keycloak-user at lists.jboss.org
>>>>>>>> https://lists.jboss.org/mailman/listinfo/keycloak-user
>>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> _______________________________________________
>>>>>>> keycloak-user mailing list
>>>>>>> keycloak-user at lists.jboss.org
>>>>>>> https://lists.jboss.org/mailman/listinfo/keycloak-user
>>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>> --
>>>>>> *Fabricio Milone*
>>>>>> Developer
>>>>>>
>>>>>> *Shine Consulting *
>>>>>>
>>>>>> 30/600 Bourke Street
>>>>>>
>>>>>> Melbourne VIC 3000
>>>>>>
>>>>>> T: 03 8488 9939
>>>>>>
>>>>>> M: 04 3200 4006
>>>>>>
>>>>>>
>>>>>> www.shinetech.com  *a* passion for excellence
>>>>>>
>>>>>
>>>>>
>>>>
>>>
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/keycloak-user/attachments/20160203/08c3dce9/attachment-0001.html

More information about the keycloak-user mailing list