Ok, let's keep it as is then
On 27 November 2015 at 16:22, Bill Burke <bburke(a)redhat.com> wrote:
Its a big change. Would probably have to refactor code a bit too as
the
current flows assumes authentication then required actions.
On 11/27/2015 10:15 AM, Stian Thorgersen wrote:
> Should we add it though?
>
> On 27 November 2015 at 16:03, Bill Burke <bburke(a)redhat.com
> <mailto:bburke@redhat.com>> wrote:
>
> Would require the ability to apply a flow to a required action.
>
> On 11/27/2015 3:29 AM, Stian Thorgersen wrote:
> > The new reset actions doesn't require the user to authenticate
> prior to
> > performing them. Is it not a bit dangerous that the user can
> change the
> > email address without authentication?
> >
> > For reset password we obviously need to be able to do it without
> > requiring authentication, but shouldn't "bypassing"
authentication
> be
> > limited as much as possible?
> >
> >
> > _______________________________________________
> > keycloak-dev mailing list
> > keycloak-dev(a)lists.jboss.org <mailto:keycloak-dev@lists.jboss.org>
> >
https://lists.jboss.org/mailman/listinfo/keycloak-dev
> >
>
> --
> Bill Burke
> JBoss, a division of Red Hat
>
http://bill.burkecentral.com
> _______________________________________________
> keycloak-dev mailing list
> keycloak-dev(a)lists.jboss.org <mailto:keycloak-dev@lists.jboss.org>
>
https://lists.jboss.org/mailman/listinfo/keycloak-dev
>
>
>
--
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com