1

I've reset the user password and set it as temporary in keycloak. Is there some REST API to change temporary password to regular when user will log in? It is important not to use keycloak's user interface. I've heard about experimental API but I can't find any of its documentation. Thanks for help

dreamcrash
  • 47,137
  • 25
  • 94
  • 117
Alexey
  • 362
  • 1
  • 5
  • 17
  • How do you do this "I've reset user password and set it to new temporary in keycloak." Via Keycloak Admin Console? – dreamcrash Dec 10 '20 at 10:52
  • Do you want the user to update the password the first time the user logins ? – dreamcrash Dec 10 '20 at 10:58
  • 1
    @dreamcrash Yes i want this. To change password to temporary i use public Keycloak API. ```CredentialRepresentation passwordCred = new CredentialRepresentation(); passwordCred.setTemporary(false); passwordCred.setType(CredentialRepresentation.PASSWORD); passwordCred.setValue(password);``` – Alexey Dec 10 '20 at 11:01

1 Answers1

1

I've heard about experimental API but i can't find any its documentation.

I think you are referring to this Keycloak Admin API

Assuming that:

I've reset user password and set it to new temporary in keycloak.

is done via endpoint already, then what you can do is to get the ID from that user, which you can get by using the endpoint:

curl -X GET  <KEYCLOAK_HOST>/auth/admin/realms/<REALM_NAME>/users/?username=<USER_NAME>

From the JSON response, extract the user ID. Then you call the following endpoint:

PUT <KEYCLOAK_HOST>/auth/admin/realms/<REALM_NAME>/users/<USER_ID>/reset-password

with the request payload:

{"type":"password","value":"<THE_PASSWORD_THAT_YOU_WANT_TO_SET>","temporary":false}

If what you want is to first set the password as temporary, and then when the user logs in for the first time, force the user to set to a new non-temporary password, then you need to call the following endpoint:

PUT <KEYCLOAK_HOST>/auth/admin/realms/<REALM_NAME>/users/<USER_ID>

with the request payload:

{"requiredActions":["UPDATE_PASSWORD"]}
dreamcrash
  • 47,137
  • 25
  • 94
  • 117
  • Actually i mean features from this comment https://stackoverflow.com/a/61388281/11564329 – Alexey Dec 10 '20 at 11:02
  • to send this request i need token. because i want to log in by user (not by admin that have changed user's password to temporary) i can't get user's token because response of keycloak server `Account is not fully set up`. If i send request without token i get `"error": "HTTP 401 Unauthorized"` – Alexey Dec 10 '20 at 11:11
  • Try to do the following get the admin token, and used with the endpoint PUT /auth/admin/realms//users/ with the payload {"requiredActions":["UPDATE_PASSWORD"]} – dreamcrash Dec 10 '20 at 11:15