[keycloak-dev] How should reset-password-email work?

Stian Thorgersen stian at redhat.com
Mon Jul 20 09:25:40 EDT 2015



----- Original Message -----
> From: "Stan Silvert" <ssilvert at redhat.com>
> To: keycloak-dev at lists.jboss.org
> Sent: Monday, 20 July, 2015 1:50:25 PM
> Subject: [keycloak-dev] How should reset-password-email work?
> 
> http://keycloak.github.io/docs/rest-api/admin/realms/%7Brealm%7D/users/%7Bid%7D/reset-password-email/index.html
> 
> I'm looking into KEYCLOAK-1543 [1], which concerns the REST API for
> reset-password-email [2].  I want to make sure I understand how this is
> meant to work.
> 
> You make a call to send the user a reset-password email.  And you
> specify a client id and a redirect uri.   I assume the redirect uri is
> the place the user is sent after he changes his password?  (via a link
> he clicks to continue)
> 
> Right now, it looks like the code is checking the client config to make
> sure that the redirect uri is included in the client's "valid redirect
> uri's".  So if redirect uri is specified then client id is also required?
> 
> The problem is that currently, the redirect uri is ignored and the user
> is always sent to the base uri of the client.

Actually I don't think it should be possible to specify a redirect uri for this endpoint. The endpoint is intended for an admin to send a login link to a user and so it can't be part of a login flow. As it's not for a login flow it doesn't make sense to use a redirect uri. Instead it should just be able to specify client and have the user sent to the base uri of the client.

> 
> Please let me know if any of the above is incorrect.  I want to make
> sure I have this right as I fix it and update the documentation.
> 
> [1] https://issues.jboss.org/browse/KEYCLOAK-1543
> [2]
> http://keycloak.github.io/docs/rest-api/admin/realms/%7Brealm%7D/users/%7Bid%7D/reset-password-email/index.html
> 
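
The two behaviours discussed in this thread, modelled side by side as an added example (not part of either message and not Keycloak code): honouring a redirect uri that must be among the client's valid redirect uris, versus accepting only a client and sending the user to its base uri. The `Client` class, the function names, the `BadRequest` error and the sample client are assumptions made for illustration, and matching is exact-string only.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Optional


@dataclass
class Client:
    """Hypothetical stand-in for a client's configuration (not Keycloak's model)."""
    client_id: str
    base_url: str
    valid_redirect_uris: List[str] = field(default_factory=list)


class BadRequest(ValueError):
    """Raised where a REST endpoint would answer with an error response."""


def _lookup(clients: Dict[str, Client], client_id: Optional[str]) -> Client:
    # A redirect uri can only be checked against a known client's configuration.
    if not client_id or client_id not in clients:
        raise BadRequest("unknown or missing client id")
    return clients[client_id]


def target_with_redirect(clients, client_id, redirect_uri):
    """Model A: the redirect uri is honoured, so it requires a client and must
    be one of that client's valid redirect uris (exact match in this sketch)."""
    client = _lookup(clients, client_id)
    if redirect_uri is None:
        return client.base_url
    if redirect_uri not in client.valid_redirect_uris:
        raise BadRequest("redirect uri not valid for client")
    return redirect_uri


def target_base_only(clients, client_id, redirect_uri=None):
    """Model B (the reply's proposal): only a client may be named; any
    redirect uri is refused and the user lands on the client's base uri."""
    if redirect_uri is not None:
        raise BadRequest("redirect uri not accepted by this endpoint")
    return _lookup(clients, client_id).base_url


# Constructed sample data, not taken from the thread.
CLIENTS = {"portal": Client("portal", "https://portal.example.com/",
                            ["https://portal.example.com/welcome"])}
```

Under model B the link placed in the e-mail can only ever point at a value taken from the client's own configuration, so the endpoint has no caller-supplied URL left to validate.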

