By default, Keycloak automatically logs in the user after performing a password reset flow.
If the user has prevously configured an OTP, I would like to ask for OTP authentication after the user has reset his password (and so to prevent the automatic login):
- The user clicks on “I forgot my password” link
- The user submits his username or email address
- The user receives an email and clicks on the link
- The user submits his new password
- If the user has previously configured an OTP:
- Ask for OTP Authentication
- The user is authenticated
I tried to play with the Authentication flows, but the OTP form is always shown before the password change form during the process:
I hope one of you can help me solve that
Thank you very much !