[keycloak-user] Validating User Password Prior to Allowing Account Updates
Harness, Josh
Josh.Harness at jtv.com
Fri Oct 4 13:58:37 EDT 2019
Hello -
To enforce a higher level of security, we're wanting to require the user to supply their password whenever they update their profile in the account application of Keycloak (e.g. email, first name, last name). Ideally, we'd want the password submitted along with the profile changes. If the password validates, then the profile is allowed to be updated (similar to how the update password screen works currently).
How would I accomplish this? The AccountFormService seems to be the class handling this but there appears to be no SPI for extending it. I did find the following JIRA but am unsure if the proposed profile SPI would accomplish what we need:
https://issues.jboss.org/browse/KEYCLOAK-2966
Any tips or pointers would be most appreciated.
Thanks!
______________________________________
Josh Harness
Principal Software Architect | JTV
9600 Parkside Drive | Knoxville, TN 37922
Email: Josh.Harness at jtv.com | www.jtv.com<https://www.jtv.com/>
Knoxville-Bangkok-Jaipur-Mumbai-Hong Kong