[keycloak-user] Automatically logging in after performing an Update Password

John D. Ament john.d.ament at gmail.com
Wed Jul 19 11:46:01 EDT 2017


Any thoughts?

On Thu, Jul 13, 2017 at 10:27 PM John D. Ament <john.d.ament at gmail.com>
wrote:

> Hi,
>
> Based on the Required Actions guide (
> https://keycloak.gitbooks.io/documentation/server_admin/topics/users/required-actions.html)
> we've implemented a custom required action that acts a lot like Update
> Password (it performs a few other sync items for us).  One of our needs is
> to automatically log the user in to their destination application upon
> setting this password.  This was working for us in 3.1 by creating a custom
> template that was rendered upon the completion of the Update Password
> action that forwarded the user to our application and set the necessary
> cookies.
>
> This no longer works in 3.2.  We believe it has to do with the ability to
> reuse required action links.  Before, the link was one time use so it was
> only working once, however our need is to make those links work unlimited
> times until consumed.  By setting a new challenge to the user after
> updating their password, the token is no longer being marked as consumed
> and the link remains working.
>
> So I was wondering, what other ways could we achieve this behavior?  It
> sounds like a challenge isn't the right approach.
>
> John
>


More information about the keycloak-user mailing list