[keycloak-dev] Account management requirements for beta1

Stian Thorgersen stian at redhat.com
Tue May 6 04:43:40 EDT 2014


I've set those issues as low priority for beta1 - I can do them if I get the chance, otherwise we'll have to push them.

----- Original Message -----
> From: "Marek Posolda" <mposolda at redhat.com>
> To: keycloak-dev at lists.jboss.org
> Sent: Monday, 5 May, 2014 8:42:23 AM
> Subject: Re: [keycloak-dev] Account management requirements for beta1
> 
> There is also the thing that currently a user registered through social
> can't change his password (https://issues.jboss.org/browse/KEYCLOAK-334).
> Not sure if this is a priority for beta1, but it should be at least in
> 1.0-Final IMO.
> 
> We discussed the possibility of removing the options
> "updateProfileOnInitialSocialLogin" and "verifyEmail" and instead using a
> list of requiredActions after normal registration and social registration.
> 
> Currently it's assigned to me and planned for Beta1, but I don't think
> that I can do it though, as I am on PTO from Thursday and then the whole
> next week...
> 
> Marek
> 
> On 30.4.2014 18:17, Stian Thorgersen wrote:
> > With regards to account management what additional requirements do we have
> > for beta1?
> >
> > Features I can think of to add now or in the future include:
> >
> > * Manage refresh tokens - view applications and clients that have refresh
> > tokens, and the ability to invalidate specific tokens
> > * Manage devices - view browsers and devices that have access (remember me
> > cookie?), and the ability to invalidate specific cookies
> > * Manage devices that can bypass totp - it seems to be quite common that
> > it's possible to not require asking for totp again for a specific device,
> > I assume this is done by setting a cookie, if we enable this it should be
> > possible to view what devices have this option, as well as invalidate them
> > * Manage applications - view all applications, be able to navigate to an
> > application, and the ability to invalidate access to a specific application
> > * Manage clients - view all clients and what grants they have, and the
> > ability to revoke access to a specific client
> >
> > I think listing client grants, invalidate specific client grants, and a
> > logout everything option would be sufficient. The logout everything option
> > would invalidate any refresh tokens, remember me cookies, 'skip' totp
> > cookies and do a sso-logout.
> > _______________________________________________
> > keycloak-dev mailing list
> > keycloak-dev at lists.jboss.org
> > https://lists.jboss.org/mailman/listinfo/keycloak-dev
> 

