Trigger reset password via REST API

I’ve been digging in the API docs and couldn’t find reset password. There is execute actions to update the password, but it seems you cannot send the user an email to reset its password. Or is there some hidden API to do that?

1 Like

Hi Fristi,

I had the same problem:
First you need a valid SMTP host and its credentials.
This can be configured in Keycloak under Realm-Settings -> Email.

I would advise testing the connection via the “Test connection” button located at the right of the screen to ensure that the settings are correct.

After that, you can use the execute-actions request with the mandatory action “UPDATE_PASSWORD”.
I am currently using Java and the maven dependency

    <dependency>
        <groupId>org.keycloak</groupId>
        <artifactId>keycloak-admin-client</artifactId>
        <version><your preferred version></version>
    </dependency>

Using this dependency, one can then call
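
    // new Keycloak() is shorthand here; the instance is built with KeycloakBuilder (see the note below)
    Keycloak keycloak = new Keycloak();
    List<String> actions = new LinkedList<>();
    actions.add("UPDATE_PASSWORD");
    // "" stands for the id of the user who should receive the email
    keycloak.realm("realmname").users().get("").executeActionsEmail(actions);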

One final note:
instancing the Keycloak object can actually be achieved by using the KeycloakBuilder like:

    Keycloak keycloak = KeycloakBuilder.builder()
            .serverUrl("<your_server_url>")
            .realm("your realm")
            .username("<your_username>")   // required for the default password grant
            .password("")
            .clientId("<client_id>")
            .clientSecret("<your_client_secret>")
            .resteasyClient(<your_resteasyclient>)
            .build();                      // returns the Keycloak instance

Regards,
Matthias

1 Like

This is not working. I’m getting 404 for executeActionsEmail method call, with strange path. It somehow uses path from my method.
For example:
My method is createUser(); when it returns 404 it says 404 for createUser

One could also try the direct call to keycloak with:

(Http-Method is PUT)
URL:
http://localhost:8080/auth/admin/realms/<your_realm_name>/users/<user_uuid>/execute-actions-email

Header-Params:
Authorization: Bearer <your_access_token>

Content-Type: application/json

Request-Body (in json):
["UPDATE_PASSWORD"]


The access-token which is needed can be obtained via:

URL:
(Method=POST)
http://localhost:8080/auth/realms/master/protocol/openid-connect/token

Header-Params:
Content-Type: application/x-www-form-urlencoded

Request-Body (x-www-form-urlencoded):
client_id : <your_client_name>
grant_type : password
client_secret : <your_client_secret>
username : <your_username>
password: <password_of_that_user>

(This should deliver a response containing the access-token which is needed to execute the first call to send an email. This can also be done via the “keycloak-maven”-dependency. It all depends somehow on the configuration in keycloak itself, though.)

(tested via postman)

Matthias
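
The two HTTP calls described in the post above, as an added example that is not part of the original thread and not Keycloak's own code. The function names are hypothetical, and the base URL and the `master` token realm are taken from the post. Realm and user id are percent-encoded so a stray character in either cannot change which admin endpoint is addressed.

```python
import json
import urllib.parse
import urllib.request

BASE = "http://localhost:8080/auth"  # server URL used in the thread


def token_request(client_id, client_secret, username, password, realm="master"):
    """Build the POST for the password grant described in the thread."""
    form = urllib.parse.urlencode({
        "client_id": client_id,
        "grant_type": "password",
        "client_secret": client_secret,
        "username": username,
        "password": password,
    }).encode()
    url = "{}/realms/{}/protocol/openid-connect/token".format(
        BASE, urllib.parse.quote(realm, safe=""))
    return urllib.request.Request(
        url, data=form, method="POST",
        headers={"Content-Type": "application/x-www-form-urlencoded"})


def reset_email_request(realm, user_id, access_token, actions=("UPDATE_PASSWORD",)):
    """Build the PUT to .../users/<id>/execute-actions-email with a JSON action list."""
    # Encode both path segments: an id containing "/" or "?" must stay one segment,
    # and the "/" between realm and "users" is always present.
    path = "/admin/realms/{}/users/{}/execute-actions-email".format(
        urllib.parse.quote(realm, safe=""), urllib.parse.quote(user_id, safe=""))
    return urllib.request.Request(
        BASE + path, data=json.dumps(list(actions)).encode(), method="PUT",
        headers={"Authorization": "Bearer " + access_token,
                 "Content-Type": "application/json"})


def send_reset_email(realm, user_id, **creds):
    """Run both calls against a live server (needs network; never runs on import)."""
    with urllib.request.urlopen(token_request(**creds)) as resp:
        token = json.load(resp)["access_token"]
    with urllib.request.urlopen(reset_email_request(realm, user_id, token)) as resp:
        return resp.status  # HTTP status of the execute-actions-email call
```

`send_reset_email("myrealm", "<user_uuid>", client_id=..., client_secret=..., username=..., password=...)` performs the full sequence; a 404 from the second call usually means the realm or user id in the path is wrong.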