Uploaded image for project: 'Keycloak'
  1. Keycloak
  2. KEYCLOAK-4422

Make link included in reset-credentials mail valid for more than one use

    XMLWordPrintable

    Details

    • Docs QE Status:
      NEW
    • QE Status:
      VERIFIED

      Description

      Some spam filters seem to be consuming the link included in the email sent to the user, which leads to an "invalid_code" error when the actual user uses the link.
      I think a reasonable approach would be to let the link stay valid until the code/state key has timed out or when the user finishes the reset flow.

        Gliffy Diagrams

          Attachments

            Issue Links

            is incorporated by

            Sub-task - The sub-task of the issue KEYCLOAK-4627 Action Tokens

            • Major - A request that should be considered seriously but is not a show stopper.
            • Closed
            is related to

            Bug - A problem which impairs or prevents the functions of the product. KEYCLOAK-4871 Rest Endpoint execute-actions-email

            • Major - A request that should be considered seriously but is not a show stopper.
            • Closed

              Activity

                People

                • Assignee:
                  hmlnarik Hynek Mlnařík
                  Reporter:
                  stoffus Christopher Svensson
                  Tester:
                  Zuzana Schwarzova
                • Votes:
                  4 Vote for this issue
                  Watchers:
                  8 Start watching this issue

                  Dates

                  • Created:
                    Updated:
                    Resolved: