Hi,
AFAIK, that would require changes to the SPI.
However, a hack would be to
use org.keycloak.credential.CredentialInputValidator#isValid to set the
current credential (passed as a CredentialInput) into the KeycloakSession
as an attribute and retrieve it later on when updateCredential is invoked.
On Wed, Aug 7, 2019 at 2:47 PM Steve Thomas <Steve.Thomas(a)logibec.com>
wrote:
Hi there,
I have a custom UserStorageProvider with updateCredential method being
implemented. Everything works fine but for security reason, I need the
current password to be passed to that method as well.
What is the suggested way if I want to change the behavior of the
processPasswordUpdate method of the AccountFormService?
Or is there a SPI I can use? Is there an example somewhere online?
Thank you in advance
[
http://images.logibec.com/Logibec121x57.png]
Steve Thomas
Analyste-programmeur Infrastructure de d?veloppement
Programmer Analyst
T +1-800-361-9659 | T +1 800 361-9659
Steve.Thomas(a)logibec.com
www.logibec.com
AVIS DE CONFIDENTIALIT? Le pr?sent courriel et les informations qu'il
contient sont confidentiels et demeurent la propri?t? exclusive de Logibec.
Ils ne peuvent ?tre diffus?s ? quiconque hormis les membres du personnel
devant en prendre connaissance, et ce, sous condition de leur avoir inform?
qu'ils sont la propri?t? de Logibec, sont confidentiels et ne peuvent ?tre
partag?s ? un tiers sans une autorisation pr?alable ?crite de Logibec. Si
vous n'?tes pas le destinataire vis?, veuillez en aviser imm?diatement
l'?metteur et d?truire le contenu du courriel sans le communiquer ou le
reproduire.
CONFIDENTIALITY NOTICE This email and the information it contains
contained herein are confidential and remain the exclusive property of
Logibec. They may not be disseminated to anyone except the staff members
who must be aware of it, provided that they have been informed that the
documents are the property of Logibec, are confidential and can not be
shared with a third party without the prior written authorization of
Logibec. If you are not the intended recipient, please indicate it
immediately and destroy the contents of the email without disclosing or
reproducing it.
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user