[keycloak-dev] Reset password and verify email links are too long
Bill Burke
bburke at redhat.com
Tue Jul 15 13:14:45 EDT 2014
On 7/15/2014 12:34 PM, Stian Thorgersen wrote:
>> If that's what you're saying +1.
>
> Are you referring to option 1, storing the required info in the user session temporarily? Not sure I understand the details about what you're proposing though.
>
Yes, option 1. AccessCode should be associated with the user session.
Appropriate state needs to be stored in the session as AccessCode
currently saves a lot of stuff.
Then the code only has to contain:
id, session-id, timestamp
--
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com
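
A sketch of the design proposed in this message, added here as an illustration and not taken from Keycloak or from the thread: the link carries only id, session-id and timestamp, and everything else is looked up in the user session on the server. The HMAC over the three fields, the demo key, the five-minute lifetime, the dot-separated layout and every class and method name are assumptions.

```java
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Base64;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

// Illustrative sketch only; names are hypothetical, not Keycloak's API.
public class ShortCodeSketch {
    // State that no longer travels in the link, keyed by session id.
    static final Map<String, Map<String, String>> SESSIONS = new ConcurrentHashMap<>();
    static final byte[] KEY = "constructed-demo-key".getBytes(StandardCharsets.UTF_8); // assumption
    static final long MAX_AGE_SECONDS = 300; // assumption: lifetime is not stated in the thread

    static String hmac(String payload) throws Exception {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(KEY, "HmacSHA256"));
        return Base64.getUrlEncoder().withoutPadding()
                .encodeToString(mac.doFinal(payload.getBytes(StandardCharsets.UTF_8)));
    }

    // Code = id.session-id.timestamp.mac (assumes ids contain no '.').
    static String issue(String id, String sessionId, long nowSeconds) throws Exception {
        String payload = id + "." + sessionId + "." + nowSeconds;
        return payload + "." + hmac(payload);
    }

    // Returns the stored session state, or null if the code is forged, expired or orphaned.
    static Map<String, String> redeem(String code, long nowSeconds) throws Exception {
        String[] p = code.split("\\.");
        if (p.length != 4) return null;
        String payload = p[0] + "." + p[1] + "." + p[2];
        boolean macOk = MessageDigest.isEqual(
                hmac(payload).getBytes(StandardCharsets.UTF_8), p[3].getBytes(StandardCharsets.UTF_8));
        if (!macOk) return null; // timestamp is parsed only after it has been authenticated
        long issued = Long.parseLong(p[2]);
        if (nowSeconds < issued || nowSeconds - issued > MAX_AGE_SECONDS) return null;
        return SESSIONS.get(p[1]); // null once the session has been removed
    }

    public static void main(String[] args) throws Exception {
        SESSIONS.put("sess-42", Map.of("action", "VERIFY_EMAIL", "userId", "u-7")); // constructed sample
        String code = issue("c-1", "sess-42", 1_000L);
        System.out.println(code.length() + " chars: " + code);
        System.out.println(redeem(code, 1_100L));       // state found in the session
        System.out.println(redeem(code, 2_000L));       // null: expired
        System.out.println(redeem(code + "x", 1_100L)); // null: MAC mismatch
    }
}
```

Because the action and user details stay in the session map, the link length no longer grows with the amount of state, and removing the session invalidates every outstanding code for it.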