User password change

Hi,

my question may be obvious but I didn’t find any easy solution for it.
I have a simple Single Page Application that uses Keycloak to authenticate users and use its JWT to access some Rest API. So far so good.
I create a list of users ( without email for some specific reason ) and I added some random password to each client that must be changed at first access. The problem is that I need to give a user the ability to reset its password in complete autonomy and whenever he wants without any admin intermediation.
I see some blog post that explains how API Rest can be used for a password reset but I would prefer not to do it over API because I’ll need to implement that on my own. My idea would be to give some access rights on each user which give them permission to enter in restricted Keycloak page and reset their own credentials.
Any suggestions or tips are welcome.
Thanks in advance

Aleksandar

You could give your users access to the account console located at :
https://<keycloak-url>/auth/realms/<realm>/account

There is a form to update password (and other useful information about the account).

1 Like

That’s what I was looking for.

Thanks

We are able to change password without the problem, but we need to close all sessions (do single sign out) automatically after password change. Is it possible to configure this behavior for realm inside admin GUI?

Thank you in advance for help.

The APIs below might help.

Logout:
http://<keycloak-url>/auth/admin/realms/<realm>/users/<keycloak-user-id>/logout

Sessions associated:
http://<keycloak-url>/auth/admin/realms/<realm>/users/<keycloak-user-id>/sessions

1 Like

I have one drop down in one field is “Change Password” now how to set redirect url this keycloak user password change url

If you use spring boot:

@Autowired
    private AdapterDeploymentContext adapterDeploymentContext;
@GetMapping("/account")
    public String account(RedirectAttributes attributes, HttpServletRequest request, HttpServletResponse response) {
        final HttpFacade facade = new SimpleHttpFacade(request, response);
        final KeycloakDeployment deployment = adapterDeploymentContext.resolveDeployment(facade);
        attributes.addAttribute("referrer", deployment.getResourceName());
        attributes.addAttribute("referrer_uri", request.getHeader("referer"));
        return "redirect:" + deployment.getAccountUrl() ;
    }

More details GitHub - amaryassa/secure-diffrents-apps-with-keycloak: keycloak + Angular + Spring thymeleaf + Spring Micro Service