Re: [keycloak-user] Admin client
-1 That will create a user session. Add login events, etc.. It's messy..
What's the purpose of the REST API? Is it aimed at admins? If so they
shouldn't know the users password in the first place. If it's aimed at
users themselves make sure they have a valid access token with the manage
account role.
On 21 April 2016 at 07:23, Guus der Kinderen <guus.der.kinderen(a)gmail.com>
wrote:
Quick-and-dirty workaround: try to authenticate as the user. That
will
either succeed, or fail, which tells you if the provided password was
correct.
On 21 Apr 2016 06:43, "Marek Posolda" <mposolda(a)redhat.com> wrote:
> I think the admin client doesn't support this. If you are admin and you
> want to reset password of some user, you are not supposed to know the
> password of user anyway. Keycloak admin console also doesn't need to know
> existing user password when you want to reset password of user.
>
> Marek
>
>
> On 21/04/16 00:48, Bruno Palermo wrote:
>
> Hi,
>
> I'm trying to implement a REST API for some basic user actions, like
> change password and would like to know if there's any way to validate the
> current user password before reset his password using the provide java API.
>
> Thanks,
> Bruno
>
>
> _______________________________________________
> keycloak-user mailing
listkeycloak-user@lists.jboss.orghttps://lists.jboss.org/mailman/listinfo/keycloak-user
>
>
>
> _______________________________________________
> keycloak-user mailing list
> keycloak-user(a)lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
>
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user
Attachments:
- attachment.html (text/html — 3.2 KB)