[keycloak-dev] How should reset-password-email work?

Stan Silvert ssilvert at redhat.com
Mon Jul 20 07:50:25 EDT 2015


I'm looking into KEYCLOAK-1543 [1], which concerns the REST API for 
reset-password-email [2].  I want to make sure I understand how this is 
meant to work.

You make a call to send the user a reset-password email.  And you 
specify a client id and a redirect uri.   I assume the redirect uri is 
the place the user is sent after he changes his password?  (via a link 
he clicks to continue)

Right now, it looks like the code is checking the client config to make 
sure that the redirect uri is included in the client's "valid redirect 
uri's".  So if redirect uri is specified then client id is also required?

The problem is that currently, the redirect uri is ignored and the user 
is always sent to the base uri of the client.

Please let me know if any of the above is incorrect.  I want to make 
sure I have this right as I fix it and update the documentation.

[1] https://issues.jboss.org/browse/KEYCLOAK-1543

More information about the keycloak-dev mailing list