[keycloak-dev] How should reset-password-email work?
stian at redhat.com
Mon Jul 20 09:25:40 EDT 2015
----- Original Message -----
> From: "Stan Silvert" <ssilvert at redhat.com>
> To: keycloak-dev at lists.jboss.org
> Sent: Monday, 20 July, 2015 1:50:25 PM
> Subject: [keycloak-dev] How should reset-password-email work?
> I'm looking into KEYCLOAK-1543, which concerns the REST API for
> reset-password-email. I want to make sure I understand how this is
> meant to work.
> You make a call to send the user a reset-password email. And you
> specify a client id and a redirect uri. I assume the redirect uri is
> the place the user is sent after he changes his password? (via a link
> he clicks to continue)
> Right now, it looks like the code is checking the client config to make
> sure that the redirect uri is included in the client's "valid redirect
> uri's". So if redirect uri is specified then client id is also required?
> The problem is that currently, the redirect uri is ignored and the user
> is always sent to the base uri of the client.
Actually I don't think it should be possible to specify a redirect uri for this endpoint. The endpoint is intended for an admin to send a login link to a user and so it can't be part of a login flow. As it's not for a login flow it doesn't make sense to use a redirect uri. Instead it should just be able to specify client and have the user sent to the base uri of the client.
> Please let me know if any of the above is incorrect. I want to make
> sure I have this right as I fix it and update the documentation.
> https://issues.jboss.org/browse/KEYCLOAK-1543