Re: [keycloak-user] Issues with password reset link expiration

We changed the "error" message in I think 1.9? Maybe 1.8 to say "You clicked on a stale link. Maybe you have already verified your email?" I'll look into improving this I guess. On 2/10/2016 4:21 AM, Stian Thorgersen wrote: It should be possible to open the link multiple times, but only submit the password reset once. If that's not the case (sounds like it is) feel free to create a JIRA issue to report this as a bug. On 10 February 2016 at 05:24, Michael Anthon < michael.anthon(a)infoview.com.au&gt; wrote: > We are having issues with some users when they are attempting to use the > password reset feature. It does work for most users however for some they > always end up at an error page saying "WE'RE SORRY ... An error occurred, > please login again through your application" > > What I have been able to determine so far is that for the affected users > we are seeing a double hit on that URL in the server logs and from what I > understand, these reset URLs are invalidated as soon as they are accessed. > > So here's the state of play > * works for most users > * some users hitting the reset URL twice > * URL is only valid for the first access (I'm not 100% sure about this, > can someone confirm please?) > * URL is only valid for 30 minutes (but is being accessed within a few > minutes of generation) > * affected users are mostly using Outlook > * some people tend to double click links in emails but I've verified with > a reliable user that they are only clicking the link once > * having the affected person send themselves another reset email and then > copy and paste the URL from the mail client usually resolves this problem > > And questions > * is this an issue anyone else has noticed with Outlook, doesn't affect > ALL Outlook users, just some > * is there a way to prevent the URL from being invalidated on initial > access > * is it feasible to change the behavior so that the URL is only > invalidated when the password is changed > * any other thoughts on how to avoid this issue? > > Thanks and Regards, > > Michael Anthon > InfoView Technologies Pty Ltd > 12/15 Adelaide St, Brisbane Qld 4000 > P O Box 15478, City East, Brisbane Qld 4000 > PH: +61 7 3014 2204 <%2B61%207%203014%202204> > F: +61 7 3014 2200 <%2B61%207%203014%202200> > M: +61 408 768 055 <%2B61%20408%20768%20055> > michael.anthon(a)infoview.com.au > > The information transmitted is intended only for the person or entity to > which it is addressed and may contain confidential and/or privileged > material. Any review, retransmission, dissemination or other use of, or > taking of any action in reliance upon, this information by persons or > entities other than the intended recipient is prohibited. If you received > this in error, please contact the sender and delete the material from any > computer. Any views or opinions expressed in this email are solely those of > the author and do not necessarily represent those of InfoView Technologies > Pty Ltd. > > > _______________________________________________ > keycloak-user mailing list > keycloak-user(a)lists.jboss.org > https://lists.jboss.org/mailman/listinfo/keycloak-user > _______________________________________________ keycloak-user mailing listkeycloak-user@lists.jboss.orghttps://lists.jboss.org/mailman/listinfo/keycloak-user -- Bill Burke JBoss, a division of Red Hathttp://bill.burkecentral.com _______________________________________________ keycloak-user mailing list keycloak-user(a)lists.jboss.org https://lists.jboss.org/mailman/listinfo/keycloak-user