Details
- Feature Request
- Status: Closed
- Major
- Resolution: Done
- 1.1.0.Beta2
- None
- None
Description
The error message "Invalid username or password" is a bit confusing if a user tries to log in with a correct username and password.
It would also be nice to configure a different expiration time for the "Authentication" process.
I totally understand why the password change process has to be finished in a given time, but I think it should be possible to log in at any time. (So I can get a coffee before I enter my credentials...)
Maybe it's even possible to exclude the "Authentication" process from the time validation like this:
ClientSessionCode.java
public boolean isValid(ClientSessionModel.Action requestedAction) {
    ClientSessionModel.Action action = clientSession.getAction();
    if (action == null) {
        return false;
    }
    int timestamp = clientSession.getTimestamp();
    if (!action.equals(requestedAction)) {
        return false;
    }
    if (!clientSession.getAction().equals(ClientSessionModel.Action.AUTHENTICATE)) {
        int lifespan = action.equals(ClientSessionModel.Action.CODE_TO_TOKEN) ? realm.getAccessCodeLifespan() : realm.getAccessCodeLifespanUserAction();
        return timestamp + lifespan > Time.currentTime();
    } else {
        return true;
    }
}
It would be very nice if this feature could be implemented for version 1.1.0 Final.
Issue Links
- relates to
- KEYCLOAK-1037 Bad error message on login form in case of expired code
- Closed
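An added sketch, not part of the original report and not Keycloak's own code, of the two requests above taken together: the login step gets its own, longer lifespan instead of being exempted from expiry, and the check returns a distinct "expired" result so the login form does not report bad credentials for a timed-out code. The class, enum, method names, messages and lifespan values are all hypothetical.

```java
import java.util.EnumMap;
import java.util.Map;

// Added illustration; every name here is hypothetical, not a Keycloak API.
class SessionCodeCheck {
    enum Action { AUTHENTICATE, CODE_TO_TOKEN, UPDATE_PASSWORD }
    enum Result { VALID, WRONG_ACTION, EXPIRED }

    private final Map<Action, Integer> lifespanSeconds = new EnumMap<>(Action.class);

    SessionCodeCheck(int loginLifespan, int codeLifespan, int userActionLifespan) {
        lifespanSeconds.put(Action.AUTHENTICATE, loginLifespan);
        lifespanSeconds.put(Action.CODE_TO_TOKEN, codeLifespan);
        lifespanSeconds.put(Action.UPDATE_PASSWORD, userActionLifespan);
    }

    // A tri-state result lets the caller tell "timed out" apart from "bad credentials".
    Result check(Action stored, Action requested, int issuedAt, int now) {
        if (stored == null || stored != requested) {
            return Result.WRONG_ACTION;
        }
        // Every action keeps an upper bound; login only gets a longer one.
        return issuedAt + lifespanSeconds.get(stored) > now ? Result.VALID : Result.EXPIRED;
    }

    // Message selection for the login form, driven by the check result.
    static String loginFormMessage(Result result, boolean credentialsOk) {
        switch (result) {
            case EXPIRED:      return "Login timed out. Please log in again.";
            case WRONG_ACTION: return "Invalid request.";
            default:           return credentialsOk ? "OK" : "Invalid username or password";
        }
    }

    public static void main(String[] args) {
        // Constructed sample values: 30 min login, 60 s code exchange, 5 min user actions.
        SessionCodeCheck check = new SessionCodeCheck(1800, 60, 300);
        int issuedAt = 1_000_000;

        // Coffee break of 10 minutes: the login code is still valid.
        Result afterCoffee = check.check(Action.AUTHENTICATE, Action.AUTHENTICATE, issuedAt, issuedAt + 600);
        System.out.println(afterCoffee + " -> " + loginFormMessage(afterCoffee, true));

        // One hour later: expired, reported as a timeout rather than bad credentials.
        Result stale = check.check(Action.AUTHENTICATE, Action.AUTHENTICATE, issuedAt, issuedAt + 3600);
        System.out.println(stale + " -> " + loginFormMessage(stale, true));

        // The same 10-minute delay still expires a password update.
        Result update = check.check(Action.UPDATE_PASSWORD, Action.UPDATE_PASSWORD, issuedAt, issuedAt + 600);
        System.out.println(update + " -> " + loginFormMessage(update, true));
    }
}
```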