<html><head><meta http-equiv="Content-Type" content="text/html charset=utf-8"></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" class="">Having such option makes sense for sure.<div class="">Jira issue:&nbsp;<a href="https://issues.jboss.org/browse/KEYCLOAK-2052" class="">https://issues.jboss.org/browse/KEYCLOAK-2052</a></div><div class=""><br class=""></div><div class="">Thanks,</div><div class=""><br class=""><div apple-content-edited="true" class="">
Libor Krzyžanek<br class=""><a href="http://jboss.org" class="">jboss.org</a> Development Team
</div>
<br class=""><div><blockquote type="cite" class=""><div class="">On Nov 10, 2015, at 3:27 PM, Stian Thorgersen &lt;<a href="mailto:sthorger@redhat.com" class="">sthorger@redhat.com</a>&gt; wrote:</div><br class="Apple-interchange-newline"><div class=""><div dir="ltr" class="">2-3 days for email verification seems OK to me, but I wouldn't do that for password resets. So I think you need to request a feature to be able to configure those independently.</div><div class="gmail_extra"><br class=""><div class="gmail_quote">On 10 November 2015 at 13:50, Libor Krzyzanek <span dir="ltr" class="">&lt;<a href="mailto:lkrzyzan@redhat.com" target="_blank" class="">lkrzyzan@redhat.com</a>&gt;</span> wrote:<br class=""><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Hi,<br class="">
we got requirement to have long timeout e.g. 2 - 3 days on links for e-mail verification during registration for better UX.<br class="">
It’s possible to do it via setting "Login action timeout” to 3 days. This setting also change the timeout of link for forgot password AFAIK.<br class="">
<br class="">
I’m thinking about security implications.<br class="">
<br class="">
Can somebody steal such link in e-mail somehow and then steal identity because of doing “forgot password” on target account? For example by listening SMTP protocol communication?<br class="">
<br class="">
Thanks,<br class="">
<br class="">
Libor Krzyžanek<br class="">
<a href="http://jboss.org/" rel="noreferrer" target="_blank" class="">jboss.org</a> Development Team<br class="">
<br class="">
<br class="">
_______________________________________________<br class="">
keycloak-user mailing list<br class="">
<a href="mailto:keycloak-user@lists.jboss.org" class="">keycloak-user@lists.jboss.org</a><br class="">
<a href="https://lists.jboss.org/mailman/listinfo/keycloak-user" rel="noreferrer" target="_blank" class="">https://lists.jboss.org/mailman/listinfo/keycloak-user</a></blockquote></div><br class=""></div>
</div></blockquote></div><br class=""></div></body></html>