IDM 6 email validation links are not reusable

This topic contains 1 voice and has 0 replies.

  • Author
  • #24556


    I recently moved from IDM 5 to and noticed that email validation links you get in the pass reset flow are not reusable anymore. If you click on them once and do nothing and click on them the second time, you will get an “invalid code” error. I could not find this change in the release note. Can someone confirm it please? Is it configurable? Can I disable it?
    I did some investigation myself. I see that the code part of the pass reset link, which is stored in genericobjects table gets deleted from that table when I click on the pass reset link.

    I agree it would be a good security practice to invalidate pass reset links once they are used but if I just click on the link and don’t attempt to change my password, IMHO the link should remain valid.

    Thanks for your help,

Viewing 1 post (of 1 total)

You must be logged in to reply to this topic.

©2019 ForgeRock - we provide an identity and access platform to secure every online relationship for the enterprise market, educational sector and even entire countries. Click to view our privacy policy and terms of use.

Log in with your credentials

Forgot your details?