[keycloak-user] Login user action lifespan

Thursday, 16 July 2015

Hi,

you can set the „login user action lifespan“ in realm settings for the time the link is
valid for a user to set a password (or other tasks).
This link seems to be valid and working even if the user has clicked on it and has done
the tasks.

Is it possible to configure this link to be valid only once during its lifespan ? Or at
least to be invalid as soon the user has set his password/done the login actions?
Otherwise this link could be used to change the password again, after the user has already
set his password - possibly from third persons who got known of this link. May be a
security issue?

Thanks & regards,
- Niko

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

[keycloak-user] Login user action lifespan