New Password Reset Flow - External

I want to implement a password reset flow within a website external to Keycloak: the user clicks on reset password, enters his/her email, and receives a link to that same website (not Keycloak) with a token and a form to reset the password. After filling out the form, use this token to send it to the Keycloak API.

If anyone has already done something similar, or has supporting documentation to pass on to me, it would help me a lot!

Why would you want to do that? One of the main security features of OIDC/SAML is that the user never enters credentials (which includes during password reset) on anything outside the IdM provider (== Keycloak). Your flow just adds one more point to intercept the user credentials. So unless you want to capture user credentials, I don’t see a valid use case.
