<div dir="ltr"><div><div><div><div>Hey Stian, let me re-track what I've been trying to say here....<br><br></div>My first query was to check with you guys if there was an admin API to trigger the reset-password email. Seems there is no such API. However, there is an admin API to just reset the password without email verification (<a href="http://keycloak.github.io/docs/rest-api/index.html#_set_up_a_temporary_password_for_the_user">http://keycloak.github.io/docs/rest-api/index.html#_set_up_a_temporary_password_for_the_user</a>).<br><br>My follow-up concern was that since there is an admin API to trigger the verification email (<a href="http://keycloak.github.io/docs/rest-api/index.html#_send_an_email_verification_email_to_the_user">http://keycloak.github.io/docs/rest-api/index.html#_send_an_email_verification_email_to_the_user</a>), it would have been consistent if there was an admin API to send the reset-password email as well. <br><br></div>Hope this clarifies the misunderstanding.<br><br><br></div>Regards,<br></div>Lohitha.<br></div><div class="gmail_extra"><br><div class="gmail_quote">On Tue, Feb 2, 2016 at 2:19 PM, Stian Thorgersen <span dir="ltr"><<a href="mailto:sthorger@redhat.com" target="_blank">sthorger@redhat.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">Have no idea what you are saying.<div><br></div><div>We don't have any API outside of the admin endpoints that do password reset, register email or anything else like that. For the admin endpoints we have a very flexibly endpoint that lets you send exactly what actions you want.</div></div><div class="HOEnZb"><div class="h5"><div class="gmail_extra"><br><div class="gmail_quote">On 1 February 2016 at 19:00, Lohitha Chiranjeewa <span dir="ltr"><<a href="mailto:kalc04@gmail.com" target="_blank">kalc04@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr"><div><div><div>Hi Stian,<br><br></div>I was referring to a potential API endpoint which actually sends out the password reset email (there's a similar API which sends out the registration email), not the existing one which just resets the password.<br><br><br></div>Regards,<br></div>Lohitha.<br></div><div><div><div class="gmail_extra"><br><div class="gmail_quote">On Mon, Feb 1, 2016 at 3:53 PM, Stian Thorgersen <span dir="ltr"><<a href="mailto:sthorger@redhat.com" target="_blank">sthorger@redhat.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr"><br><div class="gmail_extra"><br><div class="gmail_quote"><span>On 28 January 2016 at 08:41, Lohitha Chiranjeewa <span dir="ltr"><<a href="mailto:kalc04@gmail.com" target="_blank">kalc04@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr"><div><div>Thanks Fabricio, will check on how we can proceed with such an implementation. <br><br>Since there is an already existing registration-email API, I thought it's consistent from Keycloak's perspective to expose a reset-password API as well...<br></div></div></div></blockquote><div><br></div></span><div>Not sure what you refer to, but there are no APIs for these actions outside of the admin endpoints.</div><div><div><div> </div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr"><div><div><br><br></div>Regards,<br></div>Lohitha.<br></div><div><div><div class="gmail_extra"><br><div class="gmail_quote">On Thu, Jan 28, 2016 at 2:31 AM, Fabricio Milone <span dir="ltr"><<a href="mailto:fabricio.milone@shinetech.com" target="_blank">fabricio.milone@shinetech.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr"><div>Hi Lohitha,</div><div><br></div><div>I had the same requirements (Direct grant + forgotten password) and ended up implementing a SPI using some piece of code made by Pedro Igor.</div><div><br></div><div>An extract of the DEV Mailing list called: "<b>Add custom REST paths? New SPI?</b>"</div><div><br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex"><i>It is part of a working in progress around fine-grained authorization [1].</i><i><br></i><i>The new SPI changes [2] specific to Keycloak are located in a specific branch [3] in my Keycloak fork.</i> </blockquote><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex"><i><br></i><i>I need to discuss these changes with Bill and see what he thinks about it. Depending on his feedback, I can prepare a PR and send these changes to upstream.</i> </blockquote><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex"><i><br></i><i>[1] <a href="https://github.com/pedroigor/keycloak-authz" target="_blank">https://github.com/pedroigor/keycloak-authz</a><br></i><i>[2] <a href="https://github.com/pedroigor/keycloak/commit/5e99614aacb70f7840a5ae25cfeaf3fc9d74ac54" target="_blank">https://github.com/pedroigor/keycloak/commit/5e99614aacb70f7840a5ae25cfeaf3fc9d74ac54</a><br></i><i>[3] <a href="https://github.com/pedroigor/keycloak/tree/keycloak-authz-modified" target="_blank">https://github.com/pedroigor/keycloak/tree/keycloak-authz-modified</a></i></blockquote><div><br></div><div><br></div><div>Not sure if Keycloak will ever adopt those changes as official or something similar though.</div><div><br></div><div>That's a good starting point.</div><div><br></div><div>Regards</div></div><div class="gmail_extra"><div><div><br><div class="gmail_quote">On 27 January 2016 at 21:19, Stian Thorgersen <span dir="ltr"><<a href="mailto:sthorger@redhat.com" target="_blank">sthorger@redhat.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">There is in the admin endpoints, but nothing that's available to end-users.</div><div class="gmail_extra"><br><div class="gmail_quote"><div><div>On 22 January 2016 at 06:45, Lohitha Chiranjeewa <span dir="ltr"><<a href="mailto:kalc04@gmail.com" target="_blank">kalc04@gmail.com</a>></span> wrote:<br></div></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div><div><div dir="ltr"><div><div><div><div>Hi,<br><br></div>There are a few clients of ours who use the Direct Grants API to authenticate their users. A requirement has come up to provide the Reset Password flow to those clients. From what I've checked and gathered, there's no REST API to initiate this flow (sending the Keycloak password reset email + resetting the password through the UI); only way to do is through the browser.<br><br></div>If it's actually there somewhere, can someone point me to it?<br><br><br></div>Regards,<br></div>Lohitha.<br></div>
<br></div></div>_______________________________________________<br>
keycloak-user mailing list<br>
<a href="mailto:keycloak-user@lists.jboss.org" target="_blank">keycloak-user@lists.jboss.org</a><br>
<a href="https://lists.jboss.org/mailman/listinfo/keycloak-user" rel="noreferrer" target="_blank">https://lists.jboss.org/mailman/listinfo/keycloak-user</a><br></blockquote></div><br></div>
<br>_______________________________________________<br>
keycloak-user mailing list<br>
<a href="mailto:keycloak-user@lists.jboss.org" target="_blank">keycloak-user@lists.jboss.org</a><br>
<a href="https://lists.jboss.org/mailman/listinfo/keycloak-user" rel="noreferrer" target="_blank">https://lists.jboss.org/mailman/listinfo/keycloak-user</a><br></blockquote></div><br><br clear="all"><div><br></div></div></div>-- <br><div><div dir="ltr"><div><span style="font-size:12.8px;font-family:Verdana,Arial,Helvetica,sans-serif"><b><font color="#000000">Fabricio Milone</font></b></span></div><div><span style="font-size:12.8px;font-family:Verdana,Arial,Helvetica,sans-serif"><font color="#000000">Developer</font></span></div><span style="font-size:12.8px;font-family:Verdana,Arial,Helvetica,sans-serif"><b><font color="#009900"><div><span style="font-size:12.8px;font-family:Verdana,Arial,Helvetica,sans-serif"><b><font color="#009900"><br></font></b></span></div>Shine Consulting </font></b></span><span style="font-size:12.8px;font-family:Verdana,Arial,Helvetica,sans-serif"><p style="font-size:13.3px;color:rgb(0,153,0);margin:0pt"><span style="color:rgb(0,0,0)">30/600 Bourke Street</span></p><p style="font-size:13.3px;color:rgb(0,153,0);margin:0pt"><span style="color:rgb(0,0,0)">Melbourne VIC 3000</span></p><p style="font-size:13.3px;color:rgb(0,153,0);margin:0pt"><span style="color:rgb(0,0,0)">T: 03 8488 9939</span></p><p style="font-size:13.3px;color:rgb(0,153,0);margin:0pt"><span style="color:rgb(0,0,0)">M: 04 3200 4006</span></p><p style="font-size:13.3px;color:rgb(0,153,0);margin:0pt"><span style="color:rgb(0,0,0)"><br></span></p></span><span style="font-size:13.3px;font-family:Verdana,Arial,Helvetica,sans-serif"><span style="font-size:13.3px"><p style="margin:0pt"><a href="http://www.shinetech.com/" style="color:rgb(51,51,51)" target="_blank">www.shinetech.com</a><font color="#333333"> </font><i style="color:rgb(51,51,51)"><b>a</b></i><font color="#333333"> passion for excellence</font></p></span></span></div></div>
</div>
</blockquote></div><br></div>
</div></div></blockquote></div></div></div><br></div></div>
</blockquote></div><br></div>
</div></div></blockquote></div><br></div>
</div></div></blockquote></div><br></div>