[keycloak-user] Is there a REST Admin API to initiate the Reset Password flow?

Lohitha Chiranjeewa kalc04 at gmail.com
Wed Feb 3 01:10:28 EST 2016


Hey Stian, let me re-track what I've been trying to say here....

My first query was to check with you guys if there was an admin API to
trigger the reset-password email. Seems there is no such API. However,
there is an admin API to just reset the password without email verification
(
http://keycloak.github.io/docs/rest-api/index.html#_set_up_a_temporary_password_for_the_user
).

My follow-up concern was that since there is an admin API to trigger the
verification email (
http://keycloak.github.io/docs/rest-api/index.html#_send_an_email_verification_email_to_the_user),
it would have been consistent if there was an admin API to send the
reset-password email as well.

Hope this clarifies the misunderstanding.


Regards,
Lohitha.

On Tue, Feb 2, 2016 at 2:19 PM, Stian Thorgersen <sthorger at redhat.com>
wrote:

> Have no idea what you are saying.
>
> We don't have any API outside of the admin endpoints that do password
> reset, register email or anything else like that. For the admin endpoints
> we have a very flexibly endpoint that lets you send exactly what actions
> you want.
>
> On 1 February 2016 at 19:00, Lohitha Chiranjeewa <kalc04 at gmail.com> wrote:
>
>> Hi Stian,
>>
>> I was referring to a potential API endpoint which actually sends out the
>> password reset email (there's a similar API which sends out the
>> registration email), not the existing one which just resets the password.
>>
>>
>> Regards,
>> Lohitha.
>>
>> On Mon, Feb 1, 2016 at 3:53 PM, Stian Thorgersen <sthorger at redhat.com>
>> wrote:
>>
>>>
>>>
>>> On 28 January 2016 at 08:41, Lohitha Chiranjeewa <kalc04 at gmail.com>
>>> wrote:
>>>
>>>> Thanks Fabricio, will check on how we can proceed with such an
>>>> implementation.
>>>>
>>>> Since there is an already existing registration-email API, I thought
>>>> it's consistent from Keycloak's perspective to expose a reset-password API
>>>> as well...
>>>>
>>>
>>> Not sure what you refer to, but there are no APIs for these actions
>>> outside of the admin endpoints.
>>>
>>>
>>>>
>>>>
>>>> Regards,
>>>> Lohitha.
>>>>
>>>> On Thu, Jan 28, 2016 at 2:31 AM, Fabricio Milone <
>>>> fabricio.milone at shinetech.com> wrote:
>>>>
>>>>> Hi Lohitha,
>>>>>
>>>>> I had the same requirements (Direct grant + forgotten password) and
>>>>> ended up implementing a SPI using some piece of code made by Pedro Igor.
>>>>>
>>>>> An extract of the DEV Mailing list called: "*Add custom REST paths?
>>>>> New SPI?*"
>>>>>
>>>>> *It is part of a working in progress around fine-grained authorization
>>>>>> [1].*
>>>>>> *The new SPI changes [2] specific to Keycloak are located in a
>>>>>> specific branch [3] in my Keycloak fork.*
>>>>>
>>>>>
>>>>>> *I need to discuss these changes with Bill and see what he thinks
>>>>>> about it. Depending on his feedback, I can prepare a PR and send these
>>>>>> changes to upstream.*
>>>>>
>>>>>
>>>>>>
>>>>>> *[1] https://github.com/pedroigor/keycloak-authz
>>>>>> <https://github.com/pedroigor/keycloak-authz>*
>>>>>> *[2]
>>>>>> https://github.com/pedroigor/keycloak/commit/5e99614aacb70f7840a5ae25cfeaf3fc9d74ac54
>>>>>> <https://github.com/pedroigor/keycloak/commit/5e99614aacb70f7840a5ae25cfeaf3fc9d74ac54>**[3]
>>>>>> https://github.com/pedroigor/keycloak/tree/keycloak-authz-modified
>>>>>> <https://github.com/pedroigor/keycloak/tree/keycloak-authz-modified>*
>>>>>
>>>>>
>>>>>
>>>>> Not sure if Keycloak will ever adopt those changes as official or
>>>>> something similar though.
>>>>>
>>>>> That's a good starting point.
>>>>>
>>>>> Regards
>>>>>
>>>>> On 27 January 2016 at 21:19, Stian Thorgersen <sthorger at redhat.com>
>>>>> wrote:
>>>>>
>>>>>> There is in the admin endpoints, but nothing that's available to
>>>>>> end-users.
>>>>>>
>>>>>> On 22 January 2016 at 06:45, Lohitha Chiranjeewa <kalc04 at gmail.com>
>>>>>> wrote:
>>>>>>
>>>>>>> Hi,
>>>>>>>
>>>>>>> There are a few clients of ours who use the Direct Grants API to
>>>>>>> authenticate their users. A requirement has come up to provide the Reset
>>>>>>> Password flow to those clients. From what I've checked and gathered,
>>>>>>> there's no REST API to initiate this flow (sending the Keycloak password
>>>>>>> reset email + resetting the password through the UI); only way to do is
>>>>>>> through the browser.
>>>>>>>
>>>>>>> If it's actually there somewhere, can someone point me to it?
>>>>>>>
>>>>>>>
>>>>>>> Regards,
>>>>>>> Lohitha.
>>>>>>>
>>>>>>> _______________________________________________
>>>>>>> keycloak-user mailing list
>>>>>>> keycloak-user at lists.jboss.org
>>>>>>> https://lists.jboss.org/mailman/listinfo/keycloak-user
>>>>>>>
>>>>>>
>>>>>>
>>>>>> _______________________________________________
>>>>>> keycloak-user mailing list
>>>>>> keycloak-user at lists.jboss.org
>>>>>> https://lists.jboss.org/mailman/listinfo/keycloak-user
>>>>>>
>>>>>
>>>>>
>>>>>
>>>>> --
>>>>> *Fabricio Milone*
>>>>> Developer
>>>>>
>>>>> *Shine Consulting *
>>>>>
>>>>> 30/600 Bourke Street
>>>>>
>>>>> Melbourne VIC 3000
>>>>>
>>>>> T: 03 8488 9939
>>>>>
>>>>> M: 04 3200 4006
>>>>>
>>>>>
>>>>> www.shinetech.com  *a* passion for excellence
>>>>>
>>>>
>>>>
>>>
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/keycloak-user/attachments/20160203/d3d6f8c5/attachment.html 


More information about the keycloak-user mailing list