[keycloak-dev] Update password user experience

Guilhem Lucas guilhem.lucas at actility.com
Fri Dec 7 05:44:51 EST 2018


Hello,

Currently, a user choosing a password that violates password policies is
notified for the first failing policy only. The user needs several attempts
to find a valid password by discovering password policies one by one.
I think that this is a bad user experience that could be enhanced by one of
the following improvements.

1 - Display password policies in update password form
The account and login Freemarker template provider could be modified to add a
"policies" attribute to the template context. This could be done by completing
the RealmBean object with a passwordPolicies property that contains the
list of enabled password policies.
This new property could then be used in templates to display password
requirements.
For example:

Your password must:
- contain at least one symbol
- contain at least one lower case character
- have 8 characters minimum
- not be equal to any of the last 3 passwords


2 - Report all failing policies
Templates are already designed to display a list of errors. Instead of
stopping password validation on the first policy error, it could be possible
to continue validating the other policies and return a list of errors. This
list can be added to the template using the existing
LoginFormsProvider#setErrors() method.

Do you plan to add such an improvement in a future release?

Thank you.

Guilhem Lucas
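
The two improvements proposed in this message, sketched as an added example that is not part of the original post and is not Keycloak code. The class `PasswordPolicyReport`, its methods and the sample passwords are hypothetical; the four policies are the ones listed in the message.

```java
import java.util.*;
import java.util.function.Predicate;

// Hypothetical stand-in for a realm's enabled password policies (not Keycloak's API).
public class PasswordPolicyReport {
    // Requirement text -> check. LinkedHashMap keeps a stable display order.
    private final Map<String, Predicate<String>> policies = new LinkedHashMap<>();

    public PasswordPolicyReport(int minLength, List<String> recentPasswords) {
        policies.put("contain at least one symbol",
                p -> p.chars().anyMatch(c -> !Character.isLetterOrDigit(c)));
        policies.put("contain at least one lower case character",
                p -> p.chars().anyMatch(Character::isLowerCase));
        policies.put("have " + minLength + " characters minimum",
                p -> p.length() >= minLength);
        // Simplification: a real server compares against stored password hashes.
        policies.put("not be equal to any of the last " + recentPasswords.size() + " passwords",
                p -> !recentPasswords.contains(p));
    }

    // Improvement 1: every enabled requirement, for display in the form.
    public List<String> requirements() {
        return new ArrayList<>(policies.keySet());
    }

    // Improvement 2: evaluate every policy and collect all failures
    // instead of returning on the first one.
    public List<String> validate(String password) {
        List<String> errors = new ArrayList<>();
        policies.forEach((text, check) -> {
            if (!check.test(password)) {
                errors.add("Password must " + text);
            }
        });
        return errors;
    }

    public static void main(String[] args) {
        // Constructed sample data.
        PasswordPolicyReport report = new PasswordPolicyReport(
                8, List.of("Winter#2018", "Autumn#2018", "Summer#2018"));
        System.out.println("Your password must:");
        report.requirements().forEach(r -> System.out.println("- " + r));
        // "ABC123" fails three policies; all three are reported in one attempt.
        report.validate("ABC123").forEach(System.out::println);
    }
}
```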
