We’ve been trying to figure out how to access the password policy from the password reset template. According to our UI team, there’s no way to do that. So, we’ve explored other options:
- Validating Keycloak’s action token on the server side in order to allow the UI to call our server to get the password policy. But, the action token is signed by an HMAC key which we don’t have access to.
- Writing an Action Token SPI that would override the existing reset-password token that would call our server to generate and validate tokens. It’s not clear in the docs whether this is possible, but it sure is a roundabout to get the password policy.
Is there not a way to just pass the password policy into the password reset template?