+
Skip to content

Provide an option to force login after reset credentials #36844

New issue
New issue
Closed
#36856
Closed
Provide an option to force login after reset credentials#36844
#36856
Assignees
rmartinc
Labels
area/authenticationIndicates an issue on Authentication areakind/bugCategorizes a PR related to a bugkind/cveIssues identified as CVEs on third-party dependencies, or issues which Keycloak is not affectedrelease/26.0.10release/26.1.1release/26.2.0team/core-clientsteam/rh-iam
@rmartinc

Description

@rmartinc
rmartinc
opened on Jan 27, 2025

Before reporting an issue

  • I have read and understood the above terms for submitting issues, and I understand that my issue may be closed without action if I do not follow them.

Area

authentication

Describe the bug

Provide an option for the forget link (reset credentials) flow to force re-login after resetting the password with the email link. Currently the user remains logged in if the same auth session (same browser) is used. The main reason is that the reset credentials link is using an action token. This is not a problem with keycloak but maybe there are external storages that allow the password change and not the login for the same user.

Version

26.1

Regression

  • The issue is a regression

Expected behavior

The user should re-login after the reset credentials.

Actual behavior

N/A

How to Reproduce?

N/A

Anything else?

No response

Metadata

Metadata

Assignees

Labels

area/authenticationIndicates an issue on Authentication areakind/bugCategorizes a PR related to a bugkind/cveIssues identified as CVEs on third-party dependencies, or issues which Keycloak is not affectedrelease/26.0.10release/26.1.1release/26.2.0team/core-clientsteam/rh-iam

Type

No type

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions
    点击 这是indexloc提供的php浏览器服务,不要输入任何密码和下载