User password change

aleksandar78 · November 4, 2019, 9:03am

Hi,

my question may be obvious but I didn’t find any easy solution for it.
I have a simple Single Page Application that uses Keycloak to authenticate users and use its JWT to access some Rest API. So far so good.
I create a list of users ( without email for some specific reason ) and I added some random password to each client that must be changed at first access. The problem is that I need to give a user the ability to reset its password in complete autonomy and whenever he wants without any admin intermediation.
I see some blog post that explains how API Rest can be used for a password reset but I would prefer not to do it over API because I’ll need to implement that on my own. My idea would be to give some access rights on each user which give them permission to enter in restricted Keycloak page and reset their own credentials.
Any suggestions or tips are welcome.
Thanks in advance

Aleksandar

micedre · November 5, 2019, 6:23am

You could give your users access to the account console located at :
https://<keycloak-url>/auth/realms/<realm>/account

There is a form to update password (and other useful information about the account).

aleksandar78 · November 7, 2019, 10:10pm

That’s what I was looking for.

Thanks

anton.pytel · June 30, 2020, 10:38am

We are able to change password without the problem, but we need to close all sessions (do single sign out) automatically after password change. Is it possible to configure this behavior for realm inside admin GUI?

Thank you in advance for help.

Nandika · May 6, 2021, 2:08pm

The APIs below might help.

Logout:
http://<keycloak-url>/auth/admin/realms/<realm>/users/<keycloak-user-id>/logout

Sessions associated:
http://<keycloak-url>/auth/admin/realms/<realm>/users/<keycloak-user-id>/sessions

KetanMangukiya · July 29, 2021, 7:25am

I have one drop down in one field is “Change Password” now how to set redirect url this keycloak user password change url

ayoub96anbara · November 10, 2021, 1:26pm

If you use spring boot:

@Autowired
    private AdapterDeploymentContext adapterDeploymentContext;
@GetMapping("/account")
    public String account(RedirectAttributes attributes, HttpServletRequest request, HttpServletResponse response) {
        final HttpFacade facade = new SimpleHttpFacade(request, response);
        final KeycloakDeployment deployment = adapterDeploymentContext.resolveDeployment(facade);
        attributes.addAttribute("referrer", deployment.getResourceName());
        attributes.addAttribute("referrer_uri", request.getHeader("referer"));
        return "redirect:" + deployment.getAccountUrl() ;
    }

More details GitHub - amaryassa/secure-diffrents-apps-with-keycloak: keycloak + Angular + Spring thymeleaf + Spring Micro Service

Leonardorossato · April 19, 2023, 5:52pm

I have the same problem using keycloak with nestjs, i nedd a api route to user change password is possible?

vrajeshmodi30 · November 30, 2023, 7:19am

Any update on this ?

Topic		Replies	Views
Which REST API to use when user want to change its password PUT /Users or PUT /reset-password Getting advice admin-console , authentication , oidc	1	134	March 6, 2024
User Password Change Programatically	9	7627	August 2, 2021
How to redirect keycloak to my website after password reset Getting advice admin-console , authentication	2	5106	November 18, 2022
Integrate "Change password" (from account console) into own webapp? Getting advice account-console	10	18522	October 13, 2022
Keycloak reset password api Getting advice oidc	2	434	September 22, 2021

User password change

Related Topics