User - forgot password

Hello
Is it possible to customize how the Forgot Password in Keycloak works? I’m looking to have it send a temporary password in the email instead of a link to reset. The user would have to use the temporary password to log in and be prompted to update the password. If yes, how can this be accomplished?

Thanks

Issuing temporary passwords and sending them anywhere is a security flaw/issue. That’s why Keycloak doesn’t do that.

If you really want to have such a bad feature, you will have to implement it yourself.

I agree. To clarify, my question was whether or not this can be customized. It was not to ask that Keycloak change its implementation.

Regards

As dasniko said, it is not a good idea to do that. However, if you REALLY REALLY want to do that, it is quite trivial to create a custom password reset flow in Keycloak in which you can do whatever you wish.

So you need to create a flow first, then you need to bind it for the realm you wish in the password reset flow setting. Of course, if you just create a flow on a default Keycloak you will not be able to change much, but you can add a custom extension in which you create whatever authenticator you wish and use that authenticator in your custom-made password reset flow. So actually the steps would be:

  • create a Keycloak extension (a jar built with Maven or Gradle in which you add some custom authenticators which provide the needed functionalities; there are plenty of examples online and also in the official Keycloak documentation)
  • create your custom password reset flow (you can clone the existing one and just change whatever you wish) which will make use of your newly added authenticators from the extension
  • bind the custom flow to the realm you wish and done!
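
A sketch of the authenticator the first step refers to, as an added example that is not part of the post above and not Keycloak project code. It assumes a recent Keycloak release (one where `UserModel.credentialManager()` exists), that the execution is placed after "Choose User" in a cloned reset credentials flow, and that it is registered through an `AuthenticatorFactory` in the extension jar; the class name and e-mail wording are hypothetical.

```java
// Added example: hypothetical authenticator for a cloned "reset credentials" flow.
import java.security.SecureRandom;
import java.util.Base64;
import org.keycloak.authentication.AuthenticationFlowContext;
import org.keycloak.authentication.AuthenticationFlowError;
import org.keycloak.authentication.Authenticator;
import org.keycloak.email.EmailException;
import org.keycloak.email.EmailSenderProvider;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.RealmModel;
import org.keycloak.models.UserCredentialModel;
import org.keycloak.models.UserModel;
import org.keycloak.models.utils.FormMessage;

public class TemporaryPasswordAuthenticator implements Authenticator {
    private static final SecureRandom RNG = new SecureRandom();

    @Override
    public void authenticate(AuthenticationFlowContext context) {
        UserModel user = context.getUser();
        // Same outcome whether or not the account exists, so the form does not reveal valid usernames.
        if (user != null && user.isEnabled() && user.getEmail() != null) {
            byte[] raw = new byte[18];                 // 144 bits from a CSPRNG
            RNG.nextBytes(raw);
            String temp = Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
            try {
                // Send first: if delivery fails, the user's current password stays valid.
                context.getSession().getProvider(EmailSenderProvider.class).send(
                        context.getRealm().getSmtpConfig(), user, "Temporary password",
                        "Your temporary password is: " + temp, null);
                // Stored hashed by the realm's password policy; forces a change at next login.
                user.credentialManager().updateCredential(UserCredentialModel.password(temp));
                user.addRequiredAction(UserModel.RequiredAction.UPDATE_PASSWORD);
            } catch (EmailException e) {
                context.failure(AuthenticationFlowError.INTERNAL_ERROR);
                return;
            }
        }
        // Never context.success() here: the requester has not proven mailbox access,
        // so send them back to the login page instead of completing the flow.
        context.forkWithSuccessMessage(new FormMessage("emailSentMessage"));
    }

    @Override public void action(AuthenticationFlowContext context) { }
    @Override public boolean requiresUser() { return false; }
    @Override public boolean configuredFor(KeycloakSession s, RealmModel r, UserModel u) { return true; }
    @Override public void setRequiredActions(KeycloakSession s, RealmModel r, UserModel u) { }
    @Override public void close() { }
}
```

Unlike the stock link-based flow, this replaces the user's current password as soon as the form is submitted, and nothing in the sketch expires the temporary password if it is never used.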

Thank you, I appreciate the details. At one time, we did have our users reset via a link in the email. Some of our users had mail servers that stripped links from the emails. So we changed the process to sending a one-time password for Forgot Password. So we need to be able to support this option if we move to Keycloak.