Re: [keycloak-user] Login user action lifespan

Am 16.07.2015 um 13:49 schrieb Stian Thorgersen <stian(a)redhat.com&gt;: Does it seem that it is valid, or is it valid? It should only be usable once. ----- Original Message ----- > From: "Niko Köbler" <niko(a)n-k.de&gt; > To: keycloak-user(a)lists.jboss.org > Sent: Thursday, 16 July, 2015 1:45:43 PM > Subject: [keycloak-user] Login user action lifespan > > Hi, > > you can set the „login user action lifespan“ in realm settings for the time > the link is valid for a user to set a password (or other tasks). > This link seems to be valid and working even if the user has clicked on it > and has done the tasks. > > Is it possible to configure this link to be valid only once during its > lifespan ? Or at least to be invalid as soon the user has set his > password/done the login actions? > Otherwise this link could be used to change the password again, after the > user has already set his password - possibly from third persons who got > known of this link. May be a security issue? > > Thanks & regards, > - Niko > _______________________________________________ > keycloak-user mailing list > keycloak-user(a)lists.jboss.org > https://lists.jboss.org/mailman/listinfo/keycloak-user