问题
I am trying to implement my own form for changing a user's password. I tried to find an API for changing a user's password in Keycloak but I couldn't find anything in the documentation. Is there an API for doing it?
回答1:
you can use PUT /auth/admin/realms/{realm}/users/{id}/reset-password
- {id} is the user id in keycloak (not the login)
Here is s sample body.
{ "type": "password", "temporary": false, "value": "my-new-password" }
回答2:
Rather than specifying a new password manually a better security practice is to use the
PUT /auth/admin/realms/{realm}/users/{id}/execute-actions-email
admin call with "UPDATE_PASSWORD" as the required action. This causes Keycloak to send an email to the user that gives a magic link for the user to set a new password.
Note: {id} is the user id in keycloak (not the login)
回答3:
No, OAuth and OpenID Connect protocols doesn't define such feature and Keycloak also doesn't have ability to do this on user's behalf. There is a server-to-Server Admin API that alows to change the user's password or reset it but you can't call it from GUI.
But the Keycloak provides some kind of "My Account Page" by url like http://localhost:8080/auth/realms/your-realm/account/ - replace your-realm part of URL and just redirect a user to it.
In documentation it called User Account Service
Also if you use auto discovery you can obtain the url by reading account-service from JSON by URL http://localhost:8080/auth/realms/your-realm
来源:https://stackoverflow.com/questions/33910615/is-there-an-api-call-for-changing-user-password-on-keycloak