[keycloak-user] User old password verification via REST admin api

Stian Thorgersen sthorger at redhat.com
Tue Mar 22 02:13:50 EDT 2016


Bear in mind that approach will result in a session being created, so I
wouldn't recommend doing that to check a password.
On 22 Mar 2016 01:44, "Doug Szeto" <DSzeto at investlab.com> wrote:

> If you already have the username and old password that you want to check,
> I just attempt to retrieve an access token. If it works, you know the old
> password is correct, then you can proceed in changing the password.
>
> POST - /auth/realms/{realm}/protocol/openid-connect/token
>
> headers.set("content-type", "application/x-www-form-urlencoded");
> headers.set("accept", "application/json");
>
> body.add("grant_type", "password");
> body.add("username", username);
> body.add("password", password);
> body.add("client_id", {clientId});
>
> From: <keycloak-user-bounces at lists.jboss.org> on behalf of Stian
> Thorgersen <sthorger at redhat.com>
> Reply-To: "stian at redhat.com" <stian at redhat.com>
> Date: Monday, March 21, 2016 at 10:11 PM
> To: Adrian Matei <adrianmatei at gmail.com>
> Cc: keycloak-user <keycloak-user at lists.jboss.org>
> Subject: Re: [keycloak-user] User old password verification via REST
> admin api
>
> No, with the admin endpoints you can't retrieve the password, nor can you
> expect an admin to know the existing password so it shouldn't verify it
> either.
>
> On 21 March 2016 at 14:35, Adrian Matei <adrianmatei at gmail.com> wrote:
>
>> Hi everyone,
>>
>> Use case: "reset user password via REST admin API - PUT
>> /admin/realms/{realm}/users/{id}/reset-password"
>>
>> Is there a possibility to verify the user's old password before changing
>> it, as is the case via the Account app?
>>
>> Thanks,
>> Adrian
>>
>
>
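
The flow discussed in this thread, as an added example that is not part of the original messages and not Keycloak project code: it verifies the old password with the password grant, ends the session that grant creates (the concern raised in the reply) through the realm's OpenID Connect logout endpoint, and only then calls the admin reset-password endpoint. Assumptions: a public client with Direct Access Grants enabled, an admin token obtained separately, a constructed host in `BASE`, and hypothetical helper names (`change_password`, `send`, `http_send`).

```python
import json
import urllib.error
import urllib.parse
import urllib.request

BASE = "https://sso.example.test/auth"  # constructed placeholder host (assumption)

def _form(url, fields):
    # Form-encoded POST, matching the headers shown in the thread.
    data = urllib.parse.urlencode(fields).encode()
    return urllib.request.Request(url, data=data, method="POST", headers={
        "Content-Type": "application/x-www-form-urlencoded",
        "Accept": "application/json"})

def token_request(realm, client_id, username, password):
    url = f"{BASE}/realms/{realm}/protocol/openid-connect/token"
    return _form(url, {"grant_type": "password", "client_id": client_id,
                       "username": username, "password": password})

def logout_request(realm, client_id, refresh_token):
    # Ends the SSO session that the password grant created.
    url = f"{BASE}/realms/{realm}/protocol/openid-connect/logout"
    return _form(url, {"client_id": client_id, "refresh_token": refresh_token})

def reset_request(realm, user_id, new_password, admin_token):
    url = f"{BASE}/admin/realms/{realm}/users/{user_id}/reset-password"
    body = json.dumps({"type": "password", "value": new_password, "temporary": False})
    return urllib.request.Request(url, data=body.encode(), method="PUT", headers={
        "Content-Type": "application/json", "Authorization": f"Bearer {admin_token}"})

def change_password(send, realm, client_id, user_id, username, old, new, admin_token):
    """send(request) -> (status, parsed_json_or_None); injectable for offline tests."""
    status, tokens = send(token_request(realm, client_id, username, old))
    if status != 200:
        return False  # old password not accepted: never touch the admin endpoint
    # Clean up the session so the check leaves nothing behind.
    send(logout_request(realm, client_id, tokens["refresh_token"]))
    status, _ = send(reset_request(realm, user_id, new, admin_token))
    return status == 204

def http_send(request):
    # Real transport; pass this as `send` against a live server.
    try:
        with urllib.request.urlopen(request, timeout=10) as resp:
            raw = resp.read()
            return resp.status, json.loads(raw) if raw else None
    except urllib.error.HTTPError as err:
        return err.code, None
```

A non-200 token response is not only a wrong password: the grant can also fail for accounts with OTP or pending required actions, and each failed attempt counts toward brute-force detection if it is enabled for the realm.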