使用 keycloak IDP 更改用户帐户密码
[英]User account change password with keycloak IDP
问题描述
I am developping a vue application protected by keycloak using keycloak-js.
我正在使用 keycloak-js 开发一个受 keycloak 保护的 vue 应用程序。 I have a requirement that each user have an account page in my app to change their password.我要求每个用户在我的应用程序中都有一个帐户页面来更改他们的密码。 .
.
However it seems that keycloak has no endpoint to check old password.但是,keycloak 似乎没有端点来检查旧密码。 How can i achieve this?我怎样才能做到这一点? I am wondering if this is the appropriate way to do with keycloak or not...我想知道这是否是处理 keycloak 的合适方法......
I already tried the update password action that send an email with magic link to the user so they can change their password.我已经尝试了更新密码操作,该操作向用户发送带有魔法链接的 email,以便他们可以更改密码。 However it is not compliant with owasp recommendation that advise to force user to type their old password each time.然而,它不符合 owasp 建议强制用户每次输入旧密码的建议。
1 个解决方案
解决方案1
0 2022-11-28 09:41:06
An alternative approach is for you to create a Keycloak client with Direct Access Grants enabled ( ie, Resource Owner Password Credentials Grant in OAuth2 terminology).另一种方法是创建一个启用直接访问授权的 Keycloak 客户端(即OAuth2 术语中的资源所有者密码凭证授权)。
Then you can use the token endpoint and exchange the username and password for an access token.然后您可以使用token endpoint并将username和password交换为访问令牌。 If the password is correct you get a token, otherwise it fails.如果密码正确,您将获得一个令牌,否则将失败。 Consequently, you can use this to infer if the user has inserted the old password.因此,您可以使用它来推断用户是否输入了旧密码。
In this GitHub repo you can see an example of how the call to the aforementioned endpoint would look like.在此GitHub 存储库中,您可以看到对上述端点的调用方式的示例。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.