How to trigger the "update password" page in keycloak for users

Getting advice
1

Hey,

I want to open the default “update password” page in keycloak for a user triggered via a link in the App.
The app is added via OIDC and their specific client.
The code from the account-pages where it says “update password” i was not able to re-use as this is some angular magic.

This is the URL I would need:

https://<domain>/auth/realms/<realm>/login-actions/required-action?execution=UPDATE_PASSWORD&client_id=<client>tab_id=XXXX???

How to generate this tab_id? How to open the update page?

another try was:

https://<domain>/auth/realms/<realm>/login-actions/required-action?execution=UPDATE_PASSWORD&client_id=<client>&response_type=code&scope=openid&ui_locales=XX

Not sure if there is missing a redirect param?

2

as a workaround we send reset-password mails via API. But that is not what we want to achieve. Thanks!

3

Try this one:
https://<domain>/auth/realms/<realm>/protocol/openid-connect/auth?client_id=<client>&redirect_uri=<client_redirect_uri>&response_type=code&scope=openid&kc_action=UPDATE_PASSWORD

This should initiate an update password flow. If the user is not yet authenticated, the login screen will occur first, then the update password screen comes and afterwards the user should be redirected to your client app.

1 Like
4

thanks!
that worked perfectly.

5

Hi there folks,
Could you please provide an example for a url you might use locally? Whenever I try setting something up that’s like what you post above I receive a “We are sorry… page not found” page for Keycloak

I’ve got something like: http://localhost:8080/auth/realms/disney/protocol/openid-connect/auth?client_id=ariel&redirect_uri=http://localhost:5053&response_type=code&scope=openid&kc_action=UPDATE_PASSWORD

6

The original answer is pretty old and uses the legacy default context path /auth, which is no more default today.
So, try to skip the base path /auth and use http://localhost:8080/realms/....

1 Like
7

Classic. Thank you so much @dasniko

1 Like
8

I created an account just to come here to say thank you @dasniko

I was editing the “update password” template locally and needed a way to view my changes - this works great.

1 Like
9

Hi,

https:///auth/realms//protocol/openid-connect/auth?client_id=&redirect_uri=<client_redirect_uri>&response_type=code&scope=openid&kc_action=UPDATE_PASSWORD

This URL opens the update password page after authentication But returns an error during page redirection. The error was invalid code.

But it works after removing the scope=openid from the request URL.

10

Good call! We should express our thanks to @dasniko and @xgp for all the time invested in this.

2 Likes
11

Hi there, I was currently struggling with some flows, update password related and stumbled over this gem, you might also find it useful.

The adapters login method accepts an action option, which can be set to UPDATE_PASSWORD. This will redirect you to the password reset page and redirect you back to your app afterwards with a param (or fragment) kc_action_status=success if the update was successful :partying_face:

This is available in versions 21.1.2 and 22.0.4. Haven’t checked others.

image
image1914×1684 489 KB