[keycloak-user] update password failed - invalid code
Rashiq
rysiek at occrp.org
Fri May 5 13:20:09 EDT 2017
Hi,
Dnia piątek, 5 maja 2017 08:39:19 CEST rl.subscriber at gmail.com pisze:
> Hi, i encountered the same problem and my analysis is that it *depends on
> the mail client* you are using!!
>
> Because, when you use for example *Outlook Webmail* it tries to render the
> user action URL in the email and sends a request to open the URL. When this
> happens the key is used and invalidated for further requests. As a
> consequence, when the user clicks on the URL, the link is not valid and
> cannot be used anymore.
Oh wow. I was debugging this for a month -- a single user out of thousands
could not reset their password. Turns out they've been using Outlook Webmail.
> This does not happen with the classic Outlook Desktop Application.
>
> From my point of view, this makes this execute-action-email feature
> unusable.
>From my point of view this is a serious bug in Outlook Webmail. This is a
completely unexpected behavior, and one Keycloak cannot do much about. It's
also something Outlook Webmail developers can fix easily.
--
Pozdravi,
rashiq
More information about the keycloak-user
mailing list