Should we add it though?

On 27 November 2015 at 16:03, Bill Burke <bburke@redhat.com> wrote:
Would require the ability to apply a flow to a required action.

On 11/27/2015 3:29 AM, Stian Thorgersen wrote:
> The new reset actions doesn't require the user to authenticate prior to
> performing them. Is it not a bit dangerous that the user can change the
> email address without authentication?
>
> For reset password we obviously need to be able to do it without
> requiring authentication, but shouldn't "bypassing" authentication be
> limited as much as possible?
>
>
> _______________________________________________
> keycloak-dev mailing list
> keycloak-dev@lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-dev
>

--
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com
_______________________________________________
keycloak-dev mailing list
keycloak-dev@lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-dev