Hi Team,
In our Keycloak 7.0.0 implementation, we are using a custom authentication flow where a user can reset their forgotten password using email (an email link generated by Keycloak). It also incorporates multi-factor authentication before redirecting the user to the password reset page.
We want to implement exactly the same functionality when a user admin initiates a password reset request for any user. We are attempting this implementation with the steps below:
1. When the admin clicks the reset password button inside the application,
2. a custom API written in our Keycloak extension is invoked.
3. This API sets the required action UPDATE_PASSWORD for the given user and generates an email link for the user using the Keycloak session; the provider used is EmailTemplateProvider.class.
The problem with this implementation is:
When the user clicks the link inside the password reset email, the user is redirected to the Update Password page.
Expected behaviour is:
The user should be prompted to go through the multi-factor authentication steps before going to the Update Password page.
My analysis is:
Since we are setting the required action and generating the email link through a custom API and not from the browser, the user is not linked to any authentication flow.
Is there any way to implement this requirement the same as the forgotten password route?
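As an added illustration (not the poster's code, and not part of the original message), here is roughly what the custom endpoint described in steps 1-3 looks like against the Keycloak 7 server APIs. It is modelled on Keycloak's own admin endpoint `UserResource.executeActionsEmail` (the one behind `execute-actions-email`). The package, class and REST path are hypothetical; the Keycloak class and method names are written from memory of the 7.x server SPI and should be checked against the exact version in use. The comments mark where the multi-factor step is lost: the link carries an `ExecuteActionsActionToken`, which Keycloak's action-token processor handles by running the listed required actions directly, whereas the forgot-password email link is processed through the "reset credentials" authentication flow where an OTP step can sit.

```java
// Added illustration (not the poster's code): an admin-triggered "reset password by email"
// endpoint inside a Keycloak 7 extension, modelled on the server's own
// UserResource.executeActionsEmail. Keycloak class/method names are from memory of the
// 7.x server SPI; the package, class and REST path are hypothetical.
package com.example.keycloak;

import java.util.Collections;
import java.util.List;
import java.util.concurrent.TimeUnit;

import javax.ws.rs.POST;
import javax.ws.rs.Path;
import javax.ws.rs.PathParam;
import javax.ws.rs.core.Response;
import javax.ws.rs.core.UriBuilder;

import org.keycloak.authentication.actiontoken.execactions.ExecuteActionsActionToken;
import org.keycloak.common.util.Time;
import org.keycloak.email.EmailException;
import org.keycloak.email.EmailTemplateProvider;
import org.keycloak.models.Constants;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.RealmModel;
import org.keycloak.models.UserModel;
import org.keycloak.services.resources.LoginActionsService;

public class AdminPasswordResetResource {

    private final KeycloakSession session;

    public AdminPasswordResetResource(KeycloakSession session) {
        this.session = session;
    }

    // Builds the same kind of link the admin console's "Send email" (execute actions) uses.
    // The link carries an ExecuteActionsActionToken. When it is clicked, Keycloak's
    // action-token processor verifies the token, authenticates the user from the token
    // alone and runs the listed required actions straight away. It does NOT enter the
    // "reset credentials" authentication flow, so an OTP/MFA execution configured there
    // (the forgot-password route) is never reached. That is the behaviour described above.
    public String buildUpdatePasswordLink(RealmModel realm, UserModel user, int lifespanSeconds) {
        List<String> actions = Collections.singletonList(UserModel.RequiredAction.UPDATE_PASSWORD.name());
        user.addRequiredAction(UserModel.RequiredAction.UPDATE_PASSWORD);

        int expiration = Time.currentTime() + lifespanSeconds;   // absolute expiry, epoch seconds
        ExecuteActionsActionToken token = new ExecuteActionsActionToken(
                user.getId(), expiration, actions, null /* redirectUri */, null /* clientId */);

        UriBuilder builder = LoginActionsService.actionTokenProcessor(session.getContext().getUri());
        builder.queryParam("key", token.serialize(session, realm, session.getContext().getUri()));
        return builder.build(realm.getName()).toString();
    }

    // Sends the link through EmailTemplateProvider, exactly as step 3 of the post describes.
    public void sendUpdatePasswordEmail(RealmModel realm, UserModel user, int lifespanSeconds) throws EmailException {
        String link = buildUpdatePasswordLink(realm, user, lifespanSeconds);
        session.getProvider(EmailTemplateProvider.class)
               .setAttribute(Constants.TEMPLATE_ATTR_REQUIRED_ACTIONS,
                             Collections.singletonList(UserModel.RequiredAction.UPDATE_PASSWORD.name()))
               .setRealm(realm)
               .setUser(user)
               .sendExecuteActions(link, TimeUnit.SECONDS.toMinutes(lifespanSeconds));
    }

    // Hypothetical REST entry point invoked by the application's "reset password" button.
    // Caller authorization (only realm admins may trigger this for other users) is omitted
    // here for brevity; a real extension must enforce it before reaching this code.
    @POST
    @Path("users/{userId}/reset-password-email")
    public Response resetPasswordEmail(@PathParam("userId") String userId) {
        RealmModel realm = session.getContext().getRealm();
        UserModel user = session.users().getUserById(userId, realm);
        if (user == null || user.getEmail() == null) {
            return Response.status(Response.Status.NOT_FOUND).build();
        }
        try {
            sendUpdatePasswordEmail(realm, user, 12 * 60 * 60);   // 12-hour link lifetime
            return Response.noContent().build();
        } catch (EmailException e) {
            return Response.serverError().build();
        }
    }
}
```

The practical consequence for the question asked: because the execute-actions token path authenticates the user purely from possession of the emailed token and then jumps to the required action, any MFA requirement has to be enforced either inside that path or by generating a different kind of link that is processed through the reset-credentials authentication flow, where the OTP execution already lives. When comparing the two routes, the place to look in the server code is the handler for `ExecuteActionsActionToken` versus the handler for the reset-credentials token, since that is where the two behaviours diverge.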