[keycloak-dev] refactored admin reset email and required actions

Bill Burke bburke at redhat.com
Mon Aug 31 10:09:54 EDT 2015



On 8/31/2015 7:06 AM, Stian Thorgersen wrote:
>
>
> ----- Original Message -----
>> From: "Bill Burke" <bburke at redhat.com>
>> To: keycloak-dev at lists.jboss.org
>> Sent: Saturday, 22 August, 2015 3:31:56 AM
>> Subject: [keycloak-dev] refactored admin reset email and required actions
>>
>> Admin console can send a reset password email to the user.  Originally
>> it just executed update password.  I changed this so that it sets an
>> Update Password required action on the User.  The email link click runs
>> all required actions set for the user, then displays a message that the
>> Account has been updated.
>
> The admin console could do either - set a password (and choose if it was temporary or not) as well as send a reset password link
>

Admin console can still manually set the password (temporary or not).


>>
>> When I get back, I'm also going to change the admin console behavior and
>> look too.  Instead of a "Reset Password Email" button on Credentials
>> tab, there will be a button next to the Required Actions selection box
>> on user detail, something like "Email Required Actions"  (I need a
>> better name).  Clicking on this button will send an email to user
>
> This isn't the correct approach IMO. What we used to have was the ability for an admin to send an email to a user to allow the user to recover the password. It wasn't a required action, just something the user could do if they needed to. I think how it worked before was much clearer to end users, also credentials tab is the correct place for "recovering password".
>


I'll repeat myself.  There may be more than one credential the 
admin/user needs/wants to reset.  These credentials may also be custom 
ones written by a system integrator.  I don't want to introduce yet 
another SPI for credential recovery when it would work exactly the same 
way as required actions.  Now, there is one place the admin can email 
the user to perform any specific action.

If you want to create a separate SPI and way of doing this to support 
reset of more than just password, feel free to create that SPI, extend 
the Model API, write the tests, update the docs and create new examples 
and make sure the flow is configurable. I think this approach is fine.


-- 
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com

