[keycloak-dev] User actions
Gabriel Cardoso
gcardoso at redhat.com
Tue Sep 17 14:48:31 EDT 2013
> Yes, the flow should be:
>
> * User tries to login to an application and realizes that he doesn't remember password
> * Click on reset password
You mean the "Forgot password" link in the login page, right?
> * A page shows that an email has been sent to the user (including a link to resend)
Don't we need a page for the user to fill in his password? This is the common practice. Forgot password is a link and not an action in the login screen, so the user expects to be redirected to a page. (See attachment 1 and 2)
> * The user then receives an email with a link that the user clicks on
I made a proposal. See attachment 3.
> * When the user has clicked on the link the user is brought to the reset password form and can insert a new password (and password confirmation)
Attachment 4
> * When the user submits the reset password form the user is logged in to the realm and redirected to the application
Some applications give a feedback that the password has been saved and redirect the user to the login page. Isn't that because of some security issue? (See attachment 5).
> How long the user has to click the link in the email depends on the Realm settings. By default I think it should be 15 minutes (or something along those lines).
I put this information in the email (attachment 3).
> There's also other cases:
>
> * Admin initiates reset on behalf of user - in this case a user gets a email, but once the password is changed the user is redirected to the account management pages
Proposal in attachment 6
> * In the above scenario if there was not a validated email associated with the user the user is given a temporary password by the admin - on the first login with this temporary password the user is required to change it
Attachment 7
> * A password could have expired, in which case the user is required to change it on next login
Attachment 1:
Attachment 2: feedback
Attachment 3: email
-----
Keycloak Password Reset
Hi Gabriel,
Someone just requested to change your Keycloak account's password.
If this was you, click the link below to set a new password:
https://www.keycloak.com/forgot?forgot_key=wOhBexgXAiY4iKdetfbDaP6kCAhIp-Mq
This link will expire within 15 minutes. If you don't want to reset your password, just ignore this message and nothing will be changed.
Thanks,
The Keycloak Team
----
Attachment 4
Attachment 5
Attachment 6:
-----
Keycloak Password Change
Hi Gabriel,
Your password has been changed by a Keycloak administrator.
Please access your account and update your password in the link below:
https://www.keycloak.com/forgot?forgot_key=wOhBexgXAiY4iKdetfbDaP6kCAhIp-Mq
Thanks,
The Keycloak Team
----
Attachment 7
What do you think?
Gabriel
--
Gabriel Cardoso
GateIn Portal | User Experience Designer
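The thread settles several properties of the reset link without showing any code: the forgot_key is a one-off secret, the link expires (15 minutes by default), a resend replaces the earlier link, and where the user lands after saving the new password depends on who initiated the reset (the application for a user-initiated reset, the account management pages for an admin-initiated one). The following Python is an added illustration written for this page, not Keycloak's implementation; the class and function names, the injected clock, and the placeholder host sso.example.test are all assumptions made for the example.

```python
"""Password-reset link lifecycle as discussed in the thread (added example, not Keycloak code)."""
import hashlib
import secrets
import time
from dataclasses import dataclass
from typing import Callable, Dict, Optional, Tuple

# The thread says the link should expire after 15 minutes by default.
RESET_LINK_TTL_SECONDS = 15 * 60

# Where to send the user once the new password is saved, per the thread:
# user-initiated reset -> back to the application; admin-initiated -> account pages.
POST_RESET_REDIRECT = {"user": "application", "admin": "account"}


@dataclass
class ResetRecord:
    user_id: str
    initiated_by: str          # "user" or "admin"
    expires_at: float          # epoch seconds
    used: bool = False


class PasswordResetService:
    """Issues and redeems forgot_key values; only a hash of each key is stored (hypothetical service)."""

    def __init__(self, ttl_seconds: int = RESET_LINK_TTL_SECONDS,
                 clock: Callable[[], float] = time.time) -> None:
        self._ttl = ttl_seconds
        self._clock = clock                            # injectable so expiry can be tested
        self._records: Dict[str, ResetRecord] = {}     # sha256(key) -> record

    @staticmethod
    def _digest(key: str) -> str:
        # Store a hash so a leaked table does not yield usable links.
        return hashlib.sha256(key.encode()).hexdigest()

    def issue(self, user_id: str, initiated_by: str = "user") -> str:
        if initiated_by not in POST_RESET_REDIRECT:
            raise ValueError("initiated_by must be 'user' or 'admin'")
        # A resend supersedes any outstanding link for the same user.
        for rec in self._records.values():
            if rec.user_id == user_id and not rec.used:
                rec.used = True
        key = secrets.token_urlsafe(24)  # 32 URL-safe chars, like the sample forgot_key
        self._records[self._digest(key)] = ResetRecord(
            user_id, initiated_by, self._clock() + self._ttl)
        return key

    def build_link(self, base_url: str, key: str) -> str:
        return f"{base_url}/forgot?forgot_key={key}"

    def redeem(self, key: str) -> Optional[Tuple[str, str]]:
        """Return (user_id, redirect_target) for a valid key, else None.

        Unknown, expired, superseded and already-used keys all fail the same way,
        so the response does not reveal which condition applied.
        """
        rec = self._records.get(self._digest(key))
        if rec is None or rec.used or self._clock() > rec.expires_at:
            return None
        rec.used = True   # single use: the link is dead once the new password is saved
        return rec.user_id, POST_RESET_REDIRECT[rec.initiated_by]


def demo() -> dict:
    """Walk the thread's scenarios with an injected clock; returns outcomes for checking."""
    now = [1_000_000.0]                 # constructed clock value, advanced by hand
    svc = PasswordResetService(clock=lambda: now[0])
    base = "https://sso.example.test"   # placeholder host, not the URL in the email

    user_key = svc.issue("gabriel")
    link = svc.build_link(base, user_key)
    first = svc.redeem(user_key)        # within 15 min: logged in, sent to the application
    replay = svc.redeem(user_key)       # same link again: refused

    admin_key = svc.issue("gabriel", initiated_by="admin")
    admin = svc.redeem(admin_key)       # admin-initiated: sent to account management

    stale_key = svc.issue("gabriel")
    now[0] += 16 * 60                   # 16 minutes later: past the 15-minute expiry
    stale = svc.redeem(stale_key)

    k1 = svc.issue("alice")
    k2 = svc.issue("alice")             # user clicked "resend": k1 is superseded
    superseded = svc.redeem(k1)
    resent = svc.redeem(k2)

    return {"link": link, "first": first, "replay": replay, "admin": admin,
            "stale": stale, "superseded": superseded, "resent": resent,
            "forged": svc.redeem("not-a-real-key")}


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The redeem path gives one indistinguishable failure for unknown, expired, superseded and reused keys, and the stored digest means the table of outstanding resets is not itself a set of working links.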
-------------- next part --------------
Non-text attachments scrubbed by the list archive:
reset-password.png (image/png, 168034 bytes): http://lists.jboss.org/pipermail/keycloak-dev/attachments/20130917/3bd9743f/attachment-0005.png
reset-password2.png (image/png, 172153 bytes): http://lists.jboss.org/pipermail/keycloak-dev/attachments/20130917/3bd9743f/attachment-0006.png
new-password.png (image/png, 159327 bytes): http://lists.jboss.org/pipermail/keycloak-dev/attachments/20130917/3bd9743f/attachment-0007.png
new-password-saved.png (image/png, 181166 bytes): http://lists.jboss.org/pipermail/keycloak-dev/attachments/20130917/3bd9743f/attachment-0008.png
reset-password-account.png (image/png, 57316 bytes): http://lists.jboss.org/pipermail/keycloak-dev/attachments/20130917/3bd9743f/attachment-0009.png