Re: [keycloak-dev] Reset password and verify email links are to long
On 7/15/2014 12:34 PM, Stian Thorgersen wrote:
> If that's what you're saying +1.
Are you referring to option 1, storing the required info in the user session temporarily?
Not sure I understand the details about what you're proposing though.
Yes, option 1. AccessCode should be associated with the user session.
Appropriate state needs to be stored in the session as AccessCode
currently saves a lot of stuff.
Then the code only has to contain:
id, session-id, timestamp
--
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com