I guess it's added as an additional security check. This would be applicable to all
codes though.
I propose in ClientSessionCode#getAction we create a new key and set it on the
ClientSession. Then we add the key to the signature part of the code. This would make each
code more unique and harder to generate, while at the same time we could remove the key
query param for emails.
----- Original Message -----
From: "Stian Thorgersen" <stian(a)redhat.com>
To: "keycloak dev" <keycloak-dev(a)lists.jboss.org>
Sent: Tuesday, 21 October, 2014 9:08:56 AM
Subject: [keycloak-dev] key and code in emails
Why is there a key as well as the code query params in links sent in emails?
_______________________________________________
keycloak-dev mailing list
keycloak-dev(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-dev
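
The proposal in the reply above, sketched as an added example (not Keycloak code and not part of the original thread): each time a code is issued, a fresh key is stored on the session and folded into the HMAC, so the emailed link carries only the code. The class, method and field names, the `signature.sessionId` layout and the choice of HMAC-SHA256 are assumptions made for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.util.*;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;

// Added sketch; all names are hypothetical, not Keycloak's ClientSessionCode API.
public class ActionKeyCodeDemo {
    // Stand-in for the server-side ClientSession: current action plus its one-off key.
    static class Session { String id, action, actionKey; Session(String id) { this.id = id; } }
    static final Base64.Encoder B64 = Base64.getUrlEncoder().withoutPadding();

    // HMAC over session id, action and the per-action key; the key itself stays on the server.
    static String sign(byte[] realmSecret, Session s) throws Exception {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(realmSecret, "HmacSHA256"));
        String input = s.id + "\n" + s.action + "\n" + s.actionKey;
        return B64.encodeToString(mac.doFinal(input.getBytes(StandardCharsets.UTF_8)));
    }

    // Issue a code for an action: put a fresh key on the session, then sign over it.
    static String issue(byte[] realmSecret, Session s, String action) throws Exception {
        byte[] key = new byte[16];
        new SecureRandom().nextBytes(key);
        s.action = action;
        s.actionKey = B64.encodeToString(key);
        return sign(realmSecret, s) + "." + s.id;
    }

    // Recompute the signature from session state and compare in constant time.
    static boolean verify(byte[] realmSecret, Map<String, Session> store, String code) throws Exception {
        int dot = code.indexOf('.');
        if (dot < 0) return false;
        Session s = store.get(code.substring(dot + 1));
        if (s == null || s.actionKey == null) return false;
        return MessageDigest.isEqual(sign(realmSecret, s).getBytes(StandardCharsets.UTF_8),
                code.substring(0, dot).getBytes(StandardCharsets.UTF_8));
    }

    public static void main(String[] args) throws Exception {
        byte[] secret = "constructed-realm-secret".getBytes(StandardCharsets.UTF_8); // constructed sample
        Session s = new Session("sess-1");
        Map<String, Session> store = new HashMap<>();
        store.put(s.id, s);
        String first = issue(secret, s, "VERIFY_EMAIL");
        System.out.println("current code accepted: " + verify(secret, store, first));
        String second = issue(secret, s, "VERIFY_EMAIL"); // same action, rotated key
        System.out.println("earlier code accepted: " + verify(secret, store, first));
        System.out.println("latest code accepted: " + verify(secret, store, second));
    }
}
```

Because the key is rotated on every `issue` call, a code signed over an earlier key stops verifying even when the session and action are unchanged.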