[keycloak-dev] refactoring reset password

Stian Thorgersen stian at redhat.com
Tue Aug 18 08:57:11 EDT 2015
----- Original Message -----
> From: "Bill Burke" <bburke at redhat.com>
> To: keycloak-dev at lists.jboss.org
> Sent: Sunday, 16 August, 2015 1:15:17 AM
> Subject: [keycloak-dev] refactoring reset password
> 
> I'm refactoring reset password.  I'll be adding a pluggable
> "reset-credentials" flow so that users can add things like answering
> secret questions before they are sent the email.  They will also be able
> to remove/disable sending an email and implement their own mechanism,
> i.e. SMS.
> 
> Our old implementation would just reset the user's password, they would
> then have to click back to application and restart the login process.
> With flows, I can log the user in.  Isn't that a better approach?

That's incorrect: the old flow would log in the user if the reset password link was opened in the same browser session as the flow was initiated from.

> 
> The only issue with automatic login is OTP.  What should the default
> behavior be here?
> 
> 1) If OTP is set up for the user or if required by realm, automatically
> set the OTP required action.
> 2) If OTP is set up for the user and not required by realm, disable
> their OTP, let them log in.
> 3) If OTP is set up for the user or if required by realm, don't
> automatically set the OTP required action, let the user login after
> successful email
> 4) If OTP is set up for the user or required by realm, don't set OTP
> required action, after successful email, require them to enter in the otp
> 
> I think the default behavior should be #1.  Without coding, users would
> still be able to configure any option above in the admin console by
> adding various authenticators to the flow.

I'm not following - in #1 are users required to re-configure OTP?

> 
> --
> Bill Burke
> JBoss, a division of Red Hat
> http://bill.burkecentral.com
> _______________________________________________
> keycloak-dev mailing list
> keycloak-dev at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-dev
> 