Would require the ability to apply a flow to a required action.
On 11/27/2015 3:29 AM, Stian Thorgersen wrote:
The new reset actions doesn't require the user to authenticate
prior to
performing them. Is it not a bit dangerous that the user can change the
email address without authentication?
For reset password we obviously need to be able to do it without
requiring authentication, but shouldn't "bypassing" authentication be
limited as much as possible?
_______________________________________________
keycloak-dev mailing list
keycloak-dev(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-dev
--
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com