samedi 23 mars 2024

Keycloak: force user to update password by api (not by email)

 Hi all,

I had to implement keycloak for one of my latest project. Keycloak is a wonderful tools but in my opinion, there is a lack of clear documentation.

As I had to migrate users from an old webportal database to keycloak, I had to force users to reset their password at their next login in order comply to security password.


By reading on the documentation, the solution was to use the url :

PUT /admin/realms/{realm}/users/{id}/execute-actions-email


within the body  ; UPDATE_PASSWORD 


The problem is this code sends an email, and if the user doesn't click on the link (available 12h), the former password is still present.


Here is the solution if you just want to send a "force reset"

just take a look at the api documentation and search the user with the Put verb 

PUT /admin/realms/{realm}/users/{id}


this method has several option, but in order to force the password update, we have to add this on the body

{"requiredActions":["UPDATE_PASSWORD"]}

now, as soon as this user is updated, the user will have to enter en new password


Have a nice work


Aucun commentaire:

Enregistrer un commentaire