[keycloak-dev] Adding a validate password endpoint in the Admin API
Stian Thorgersen
sthorger at redhat.com
Tue Jun 27 04:43:36 EDT 2017
I think the flow of allowing admins to set the users passwords are a bit
broken in the first place. No-one should know a users password, but
themselves. A better flow would be to send a password-reset link to users
through email and let them set the initial password themselves.
However, I can see that might not work for everyone so I don't feel to
strongly about not accepting this change. Let's see what others think about
it.
On 27 June 2017 at 09:03, Wim Vandenhaute <wim.vandenhaute at gmail.com> wrote:
> Hello list,
>
> Via an admin portal of a customer I am working for, they provide a feature
> where an admin can edit the user's data, including setting a new password.
>
> For the sake of atomicity, all update steps first go through a series of
> validations for all modified data before actually committing the changes
> and (if needed) updating the keycloak password
>
> At the moment, there is no way to pre-update do a validity check of the
> updated password against keycloak's configured password policy(ies)
>
> Therefor I would propose to have a validate-password endpoint in the Admin
> API.
>
> I've made a pull request already here:
> * https://github.com/keycloak/keycloak/pull/4229
>
> Any thoughts on this?
>
> Kind regards,
> Wim
> _______________________________________________
> keycloak-dev mailing list
> keycloak-dev at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-dev
>
More information about the keycloak-dev
mailing list