Re: [keycloak-user] Login user action lifespan

From: "Niko Köbler" <niko(a)n-k.de&gt; To: keycloak-user(a)lists.jboss.org Sent: Thursday, 16 July, 2015 1:45:43 PM Subject: [keycloak-user] Login user action lifespan Hi, you can set the „login user action lifespan“ in realm settings for the time the link is valid for a user to set a password (or other tasks). This link seems to be valid and working even if the user has clicked on it and has done the tasks. Is it possible to configure this link to be valid only once during its lifespan ? Or at least to be invalid as soon the user has set his password/done the login actions? Otherwise this link could be used to change the password again, after the user has already set his password - possibly from third persons who got known of this link. May be a security issue? Thanks & regards, - Niko _______________________________________________ keycloak-user mailing list keycloak-user(a)lists.jboss.org https://lists.jboss.org/mailman/listinfo/keycloak-user