Red Hat build of Keycloak / RHBK-2772

Provide an option to force login after reset credentials [GHI#36844]


      Before reporting an issue

      [x] I have read and understood the above terms for submitting issues, and I understand that my issue may be closed without action if I do not follow them.

      Area

      authentication

      Describe the bug

      Provide an option for the forget link (reset credentials) flow to force re-login after resetting the password with the email link. Currently the user remains logged in if the same auth session (same browser) is used. The main reason is that the reset credentials link is using an action token. This is not a problem with Keycloak, but maybe there are external storages that allow the password change and not the login for the same user.

      Version

      26.1

      Regression

      [ ] The issue is a regression

      Expected behavior

      The user should re-login after the reset credentials.

      Actual behavior

      N/A

      How to Reproduce?

      N/A

      Anything else?

      No response

              Unassigned Unassigned
              pvlha Pavel Vlha
              Keycloak Core Clients