Reset authentication flow within custom required action

Hi all, I need your advice for the following;

I have a custom authenticator that is executed in each browser flow. This authenticator logic uses some user attributes.
In order to populate these attributes, I have a custom required action that the user has to complete once upon registration. Once the required action is completed, the custom authenticator should be executed.

My question is; can I reset the authentication flow after completion of the required action? Prefarably without a re-enter of the user’s credentials.

Thanks in advance,

I’m trying the same thing: trying to go through the authentication flow when completing a required action.

Something like this has gotten me close (note, this code is called inside a custom required action):


However the problem is that this call to #restartSession forces the user to log in again, which is what I’m trying to avoid.

I want go through the whole authentication flow, so I guess I want to invalidate the session, but I also want to retain the credentials to do all that without having to log in again.

I found a solution: rewriting the redirect URI, so the login flow gets processed again.
For now, my solution only works with OIDC:

private String getLoginUrlFromRequiredActionContext(RequiredActionContext context) {
	String basePath = "/realms/" + context.getRealm().getName() + "/protocol/" + context.getAuthenticationSession().getProtocol() + "/auth";
	try {
		return new URIBuilder(basePath)
				.addParameter(OIDCLoginProtocol.CLIENT_ID_PARAM, context.getAuthenticationSession().getClient().getClientId())
				.addParameter(OIDCLoginProtocol.RESPONSE_TYPE_PARAM, context.getAuthenticationSession().getClientNote(OIDCLoginProtocol.RESPONSE_TYPE_PARAM))
				.addParameter(OIDCLoginProtocol.SCOPE_PARAM, context.getAuthenticationSession().getClientNote(OIDCLoginProtocol.SCOPE_PARAM))
				.addParameter(OIDCLoginProtocol.REDIRECT_URI_PARAM, context.getAuthenticationSession().getClientNote(OIDCLoginProtocol.REDIRECT_URI_PARAM))
	} catch (URISyntaxException e) {
		throw new RuntimeException(e);

Then, wherever you call context.success() in your required action, also reset the redirect URI like this:


Because there already is an ongoing session, the cookie authenticator will login the user without entering his password. The other authenticators configured in your browser flow will then be executed.

Any tips on how to improve the getLoginUrlFromRequiredActionContext method are welcome.