On 8/20/2015 10:05 AM, Stian Thorgersen wrote:
If it makes it easier I think sending a recover password link, but
not loging-in the user afterwards is fine.
That might work. I think that might allow us to not have special
user-facing APIs and also avoid a stale login window.
JBoss, a division of Red Hat