Invalidating old Reset Password Links in WSO2 Identity Server

Problem description

I am following this guide to allow the users to reset the password using email. The problem is that when the user requests a "password reset link" multiple times, the old links generated are not invalidated. (The password can be reset using either the latest link or old links.)

Is there any parameter I can set to invalidate the old links?

Recommended answer

Currently, generated confirmation codes will be invalidated only once the user changes his password successfully. So, as you have mentioned, the user will be able to recover his password using any confirmation code he has retrieved. And when the user successfully changes the password, all the confirmation codes generated before that would be invalidated. This is the default behaviour for now and we don't have a configuration to change that.
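
The behaviour described in the answer, modelled next to an invalidate-on-reissue policy, as an added example that is not part of the original answer and is not WSO2 Identity Server code. The class `RecoveryCodeStore`, its `invalidate_on_reissue` flag, the TTL and the sample user are hypothetical.

```python
import hashlib
import hmac
import secrets


class RecoveryCodeStore:
    """Toy in-memory store of reset confirmation codes (hypothetical, not WSO2 code)."""

    def __init__(self, invalidate_on_reissue, ttl_seconds=900):
        self.invalidate_on_reissue = invalidate_on_reissue
        self.ttl = ttl_seconds
        self._codes = {}  # username -> list of (sha256 digest, expiry time)

    @staticmethod
    def _digest(code):
        # Store only a hash so a leaked table does not expose usable codes.
        return hashlib.sha256(code.encode()).digest()

    def issue(self, user, now):
        if self.invalidate_on_reissue:
            self._codes[user] = []  # stricter policy: a new request revokes older links
        code = secrets.token_urlsafe(32)
        self._codes.setdefault(user, []).append((self._digest(code), now + self.ttl))
        return code

    def redeem(self, user, code, now):
        digest = self._digest(code)
        for stored, expiry in self._codes.get(user, []):
            if now < expiry and hmac.compare_digest(stored, digest):
                # Both policies: a successful reset revokes every outstanding code.
                self._codes[user] = []
                return True
        return False


def accepted_after_three_requests(invalidate_on_reissue):
    """Of three codes issued to one user, count how many a fresh store would accept."""
    accepted = 0
    for i in range(3):
        store = RecoveryCodeStore(invalidate_on_reissue)
        codes = [store.issue("alice", now=t) for t in (0, 10, 20)]  # constructed sample
        accepted += store.redeem("alice", codes[i], now=30)
    return accepted


if __name__ == "__main__":
    print("invalidate only on successful reset:", accepted_after_three_requests(False))
    print("invalidate on reissue:", accepted_after_three_requests(True))
```

With invalidation only on a successful reset, every emailed link stays usable until one of them is redeemed or expires, so the code lifetime is the only bound on the exposure window.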
