[keycloak-user] keycloak reset issue.

[Sheng Hong Pan]

We are having issue with Keycloak (3.0.0) reset feature. User is getting an error of  "WE'RE SORRY ... An error occurred, please login again through your application". We looked log and there are many errors (see below) related to invalid_code.

2018-04-30 13:13:09,188 WARN  [org.keycloak.events] (default task-60) type=RESET_PASSWORD_ERROR, realmId=<realm name>, clientId=null, userId=null, ipAddress=<ip>, error=invalid_code

After further investigation, we found that multiple requests with same active code are hitting on the server and it looks like that reset password url becomes invalid after first access. There is a similar complain ( http://lists.jboss.org/pipermail/keycloak-user/2016-February/004828.html ) on an older version of keycloak. Is the issue addressed in the 3.0.0?

Thanks.

-Sheng

----------------------------------------------------------------------
This e-mail, including any attached files, may contain confidential and privileged information for the sole use of the intended recipient.  Any review, use, distribution, or disclosure by others is strictly prohibited.  If you are not the intended recipient (or authorized to receive information for the intended recipient), please contact the sender by reply e-mail and delete all copies of this message.