I am allowing users to reset their password using the forgot password functionality. But I needed to add a few conditions before updating the password, like,
I was able to check the password criteria (start with a capital, must include a numeric, must include a special char, etc.) from the theme itself using JavaScript. But is there any way to check that the password is not the same as the previous password?
I was able to modify the reset flow by extending the ResetCredentialChooseUser, Authenticator and AuthenticatorFactory classes. But I am not able to figure out the code of the update password step.
After hours of debugging and searching, I found a solution. The solution was pretty simple. We don't need to make any changes in the code; we can just add the password policy under the realm.
To create a password policy, you can go to: Realm -> Authentication -> Policies -> Password Policy -> Add Policy -> Not Recently Used
Now you can add the number of previous passwords that have to be checked before a password update. Save the policy. Now it will check the recently used passwords as well.
You can add more validations and checks using this functionality.
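The same "Not Recently Used" policy can be set without the admin console, which is useful when realm settings are managed as code. The script below is an added example and is not code from the question or the answer above. It assumes kcadm.sh (the Keycloak admin CLI) is on PATH and already logged in with kcadm.sh config credentials, and that REALM holds the realm name (myrealm is a placeholder). Keycloak stores the policy as a string of policy ids joined by " and "; passwordHistory(N) is the id behind the "Not Recently Used" entry, and the other ids cover the criteria listed in the question (length, upper case, digit, special character) so they are enforced server-side rather than only in theme JavaScript:

```shell
#!/bin/sh
# Added example, not part of the original question or answer.
# Assumes: kcadm.sh on PATH and logged in; REALM names the realm to change.
REALM="${REALM:-myrealm}"   # placeholder realm name

# is_posint VALUE -> exit 0 when VALUE is an integer >= 1
is_posint() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
        *) [ "$1" -ge 1 ] ;;
    esac
}

# build_policy MIN_LENGTH HISTORY_COUNT
# Prints the policy string stored in the realm's passwordPolicy attribute.
# passwordHistory(N) rejects any of the last N passwords ("Not Recently Used").
build_policy() {
    min_len="$1"
    history="$2"
    is_posint "$min_len" || { echo "build_policy: minimum length must be >= 1" >&2; return 1; }
    is_posint "$history" || { echo "build_policy: history count must be >= 1" >&2; return 1; }
    printf '%s' "length($min_len) and upperCase(1) and digits(1) and specialChars(1) and notUsername and passwordHistory($history)"
}

# has_history_policy POLICY_STRING -> exit 0 if a passwordHistory(N) term is present
has_history_policy() {
    printf '%s\n' "$1" | grep -Eq '(^| )passwordHistory\([0-9]+\)( |$)'
}

# apply_policy MIN_LENGTH HISTORY_COUNT
# Pushes the policy to the realm, then reads it back and verifies the
# history term really landed (a silent failure here would leave password
# reuse unchecked).
apply_policy() {
    policy=$(build_policy "$1" "$2") || return 1
    kcadm.sh update "realms/$REALM" -s "passwordPolicy=$policy" || return 1
    current=$(kcadm.sh get "realms/$REALM" --fields passwordPolicy) || return 1
    has_history_policy "$current"
}

# Run against a live server with, for example:
# apply_policy 8 3
```

Note that the policy string replaces the realm's whole passwordPolicy attribute, so any id already configured in the console (for example hashIterations) must be included in build_policy or it will be dropped.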