Re: [keycloak-dev] Adding a validate password endpoint in the Admin API

I think the flow of allowing admins to set the users passwords are a bit broken in the first place. No-one should know a users password, but themselves. A better flow would be to send a password-reset link to users through email and let them set the initial password themselves. However, I can see that might not work for everyone so I don't feel to strongly about not accepting this change. Let's see what others think about it. On 27 June 2017 at 09:03, Wim Vandenhaute <wim.vandenhaute(a)gmail.com&gt; wrote: > Hello list, > > Via an admin portal of a customer I am working for, they provide a feature > where an admin can edit the user's data, including setting a new password. > > For the sake of atomicity, all update steps first go through a series of > validations for all modified data before actually committing the changes > and (if needed) updating the keycloak password > > At the moment, there is no way to pre-update do a validity check of the > updated password against keycloak's configured password policy(ies) > > Therefor I would propose to have a validate-password endpoint in the Admin > API. > > I've made a pull request already here: > * https://github.com/keycloak/keycloak/pull/4229 > > Any thoughts on this? > > Kind regards, > Wim > _______________________________________________ > keycloak-dev mailing list > keycloak-dev(a)lists.jboss.org > https://lists.jboss.org/mailman/listinfo/keycloak-dev > _______________________________________________ keycloak-dev mailing list keycloak-dev(a)lists.jboss.org https://lists.jboss.org/mailman/listinfo/keycloak-dev