I think the flow of allowing admins to set users' passwords is a bit
broken in the first place. No one should know a user's password but
themselves. A better flow would be to send a password-reset link to users
through email and let them set the initial password themselves.
However, I can see that might not work for everyone so I don't feel too
strongly about not accepting this change. Let's see what others think about
it.
On 27 June 2017 at 09:03, Wim Vandenhaute <wim.vandenhaute(a)gmail.com> wrote:
Hello list,
Via an admin portal of a customer I am working for, they provide a feature
where an admin can edit the user's data, including setting a new password.
For the sake of atomicity, all update steps first go through a series of
validations for all modified data before actually committing the changes
and (if needed) updating the keycloak password.
At the moment, there is no way to do a pre-update validity check of the
updated password against keycloak's configured password policy(ies).
Therefore I would propose to have a validate-password endpoint in the Admin
API.
I've made a pull request already here:
https://github.com/keycloak/keycloak/pull/4229
Any thoughts on this?
Kind regards,
Wim
_______________________________________________
keycloak-dev mailing list
keycloak-dev(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-dev