Yes, this is intentional, and only happens when user is not already logged
in (e.g. in other browser). Suppose there a link to with a single action -
change password in the e-mail - and your mailbox has an automated
spam/antivirus filter that visits and checks contents of any link in the
e-mail. Since password-change link can only be used once, if the link was
consumed by the spam filter, it would expire without actual changing the
password and the user would not be able to change their own password.
On Tue, Jan 16, 2018 at 10:42 PM, John D. Ament <john.d.ament(a)gmail.com>
I noticed that in the new version of keycloak there's a landing page that a
user receives when they're not logged in (I guess?) for a list of actions
to perform. This page doesn't make much sense to me as a user, I just want
to see my action since I only have one to do ever.
I see this commit introduced it
I can't see the linked JIRA ticket (i guess it's secure?). I don't see a
way to turn off this page. Is that on purpose?
keycloak-dev mailing list