[keycloak-user] UserStorageProvider.updateCredential to receive current password

Pedro Igor Silva psilva at redhat.com
Thu Aug 8 09:01:23 EDT 2019


Hi,

AFAIK, that would require changes to the SPI.

However, a hack would be to
use org.keycloak.credential.CredentialInputValidator#isValid to set the
current credential (passed as a CredentialInput) into the KeycloakSession
as an attribute and retrieve it later on when updateCredential is invoked.

On Wed, Aug 7, 2019 at 2:47 PM Steve Thomas <Steve.Thomas at logibec.com>
wrote:

> Hi there,
>
> I have a custom UserStorageProvider with updateCredential method being
> implemented. Everything works fine but for security reason, I need the
> current password to be passed to that method as well.
>
> What is the suggested way if I want to change the behavior of the
> processPasswordUpdate method of the AccountFormService?
>
> Or is there a SPI I can use? Is there an example somewhere online?
>
> Thank you in advance
>
>
> [http://images.logibec.com/Logibec121x57.png]
>
>
> Steve Thomas
> Analyste-programmeur  Infrastructure de d?veloppement
> Programmer Analyst
> T +1-800-361-9659 | T +1 800 361-9659
> Steve.Thomas at logibec.com
> www.logibec.com
>
>
>
>
>
>
>
>
>
>
>
>
> AVIS DE CONFIDENTIALIT? Le pr?sent courriel et les informations qu'il
> contient sont confidentiels et demeurent la propri?t? exclusive de Logibec.
> Ils ne peuvent ?tre diffus?s ? quiconque hormis les membres du personnel
> devant en prendre connaissance, et ce, sous condition de leur avoir inform?
> qu'ils sont la propri?t? de Logibec, sont confidentiels et ne peuvent ?tre
> partag?s ? un tiers sans une autorisation pr?alable ?crite de Logibec. Si
> vous n'?tes pas le destinataire vis?, veuillez en aviser imm?diatement
> l'?metteur et d?truire le contenu du courriel sans le communiquer ou le
> reproduire.
>
> CONFIDENTIALITY NOTICE This email and the information it contains
> contained herein are confidential and remain the exclusive property of
> Logibec. They may not be disseminated to anyone except the staff members
> who must be aware of it, provided that they have been informed that the
> documents are the property of Logibec, are confidential and can not be
> shared with a third party without the prior written authorization of
> Logibec. If you are not the intended recipient, please indicate it
> immediately and destroy the contents of the email without disclosing or
> reproducing it.
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
>


More information about the keycloak-user mailing list