[keycloak-user] Direct access to Send reset password email
Stian Thorgersen
sthorger at redhat.com
Thu Dec 17 04:44:17 EST 2015
This is just going to be your first headache trying to reproduce everything
Keycloak does in a native Android UI. I'd highly recommend you use a
webview with a custom theme instead.
Examples of flows that you are not going to be able to do:
* OTP
* Required actions
* Registration
* Social logins
* Recover password
* ...
On 11 December 2015 at 05:11, Fabricio Milone <fabricio.milone at shinetech.com
> wrote:
> Hi all,
>
> I’ve been working on adding custom endpoints under the realm level to
> perform some new functions like user registration and send password reset
> email without going through the keycloak’s default web view. I’ve read the
> discussion regarding add custom REST paths, but I wouldn’t like to go off
> topic there.
>
> Why I am doing this?
>
> This is needed because I have to hit the keycloak server directly from the
> native Android UI, without going through the Keycloak default login/reset
> creds screen and get an user registered or an email to reset the password
> (among other possible future use cases).
>
> What I got so far?
>
> I’ve added a custom endpoint class (ForgotPasswordEndpoint) to
> org.keycloak.protocol.oidc.endpoints package in order to add a new path
> /auth/realms/{realm}/forgotten-password-email that sends an email to the
> specified user in a form attribute without going through the web view. I am
> also generating a key to be able to execute a client session required
> action of UPDATE_PASSWORD, so when the user clicks the link it will be
> asked to update its password.
>
>
> What I’m not sure is about the approach I used to get this done. Let’s
> clear that up:
>
> - Created a new endpoint class similar to TokenEndpoint.java which
> sends an email with a link to update the user password.
> - The link is generated using the UriBuilder for the base path and the
> ClientSessionCode class for the access code, using the given realm, session
> and any other necessary data.
> - I am adding a required action to the clientSession
> (ClientSessionModel, created with the given UserModel) of the type
> UserModel.RequiredAction.UPDATE_PASSWORD.
> - Once the user clicks on the link, the normal updated account starts,
> without any modification.
>
> That’s the less invasive way I’ve found so far. However, today I have been
> trying to implement an SPI to achieve this (still trying to understand how
> to do that)
>
> Is there a clean/proper way to generate a valid code/execution id as it is
> generated on the normal forgotten password email?
>
> What is the right way to make a direct call to get a reset password email?
>
>
> Thank you in advance.
>
> Regards,
>
> Fabricio
>
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/keycloak-user/attachments/20151217/b493eb8b/attachment.html
More information about the keycloak-user
mailing list