[keycloak-dev] Reset Actions
Stian Thorgersen
sthorger at redhat.com
Fri Nov 27 03:29:11 EST 2015
The new reset actions doesn't require the user to authenticate prior to
performing them. Is it not a bit dangerous that the user can change the
email address without authentication?
For reset password we obviously need to be able to do it without requiring
authentication, but shouldn't "bypassing" authentication be limited as much
as possible?
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/keycloak-dev/attachments/20151127/29abda5f/attachment.html
More information about the keycloak-dev
mailing list