[keycloak-user] How can user change his password after login?

Fri Apr 13 15:52:30 EDT 2018

The "Required Actions" are used by admin to force user take some actions in
the next login. What i am asking for is how the user can change his
password after successfully login. Maybe the user realizes his password has
been compromised and want to update it.
I don't want to use the "Forgot Password" link on the login page because

   - the user did not forget his password, he just want to change it
   - maybe the user's email is also compromised and cannot access email
   - the link in the password reset email has an expiring time

Thai

On Fri, Apr 13, 2018 at 9:48 AM, Sachin Rastogi <sr.misc at gmail.com> wrote:

> Hi,
>
> Have you tried to enable "Update Password" under Authentication in
> "Required Actions". Please ensure that user also have "Update Password" in
> Required User Actions under respective User.
>
> Regards,
> SR
>
>
>
>
>
>
>
> On Wed, Apr 11, 2018 at 5:39 PM, Nhut Thai Le <ntle at castortech.com> wrote:
>
>> Hello,
>>
>> We are using Keycloak 3.4.3Final for authentication only and we want to
>> create a link from the application so that user can change their password
>> after login.
>> I looked at the forget password flow and see the page
>> http://localhost:8180/auth/realms/testRealm/login-actions/
>> required-action?execution=UPDATE_PASSWORD&client_id=
>> account&tab_id=TI2aayKftXY
>> is what we need. Is there anyway to generate this link without the time
>> constraint?
>>
>> Thank you
>>
>> Thai
>> _______________________________________________
>> keycloak-user mailing list
>> keycloak-user at lists.jboss.org
>> https://lists.jboss.org/mailman/listinfo/keycloak-user
>>
>
>

-- 
Castor Technologies Inc
460 rue St-Catherine St Ouest, Suite 613
Montréal, Québec H3B-1A7
(514) 360-7208 o
(514) 798-2044 f
ntle at castortech.com
www.castortech.com

CONFIDENTIALITY NOTICE: The information contained in this e-mail is
confidential and may be proprietary information intended only for the use
of the individual or entity to whom it is addressed. If the reader of this
message is not the intended recipient, you are hereby notified that any
viewing, dissemination, distribution, disclosure, copy or use of the
information contained in this e-mail message is strictly prohibited. If you
have received and/or are viewing this e-mail in error, please immediately
notify the sender by reply e-mail, and delete it from your system without
reading, forwarding, copying or saving in any manner. Thank you.
AVIS DE CONFIDENTIALITE: L’information contenue dans ce message est
confidentiel, peut être protégé par le secret professionnel et est réservé
à l'usage exclusif du destinataire. Toute autre personne est par les
présentes avisée qu'il lui est strictement interdit de diffuser, distribuer
ou reproduire ce message. Si vous avez reçu cette communication par erreur,
veuillez la détruire immédiatement et en aviser l'expéditeur. Merci.