[keycloak-user] Automatically logging in after performing an Update Password
John D. Ament
john.d.ament at gmail.com
Thu Jul 13 22:27:19 EDT 2017
Hi,
Based on the Required Actions guide (
https://keycloak.gitbooks.io/documentation/server_admin/topics/users/required-actions.html)
we've implemented a custom required action that acts a lot like Update
Password (it performs a few other sync items for us). One of our needs is
to automatically log the user in to their destination application upon
setting this password. This was working for us in 3.1 by creating a custom
template that was rendered upon the completion of the Update Password
action that forwarded the user to our application and set the necessary
cookies.
This no longer works in 3.2. We believe it has to do with the ability to
reuse required action links. Before, the link was one time use so it was
only working once, however our need is to make those links work unlimited
times until consumed. By setting a new challenge to the user after
updating their password, the token is no longer being marked as consumed
and the link remains working.
So I was wondering, what other ways could we achieve this behavior? It
sounds like a challenge isn't the right approach.
John
More information about the keycloak-user
mailing list