Hi,
I configured some required actions like so:
* password reset (priority 1)
* verify email (priority 2)
* terms and conditions (priority 3)
When the user triggers a password reset (via forgot password) I expect the following order:
action |context
--------|-------
password reset| session
verify email |user
terms and conditions |user
but instead they execute in the following order:
action | context
--------|-------
verify email |user
terms and conditions |user
password reset| session
This seems like a bug to me and I looked into the code and it seems to go
```java
Stream<String> requiredActions = user.getRequiredActionsStream();
// Here all the user required actions are executed, even if there are higher priority actions stored in the session...
Response action = executionActions(session, authSession, request, event, realm, user, requiredActions);
if (action != null) return action;
//... which are executed afterwards
action = executionActions(session, authSession, request, event, realm, user, authSession.getRequiredActions().stream());
if (action != null) return action;
```
One potential way of fixing this would be to concatenate user required actions and session required actions to execute them in one step.
The only obvious difference would be that we can't return early after executing the user actions, but I don't understand when that is actually desired.
Could you provide some context and would you like me to prepare a PR?
Kind regards,--
You received this message because you are subscribed to a topic in the Google Groups "Keycloak Dev" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/keycloak-dev/MqpYd7kKa3U/unsubscribe.
To unsubscribe from this group and all its topics, send an email to keycloak-dev...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/keycloak-dev/c61b7177-fb48-420c-89a0-4a6218dad334n%40googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/keycloak-dev/a2852902-81d8-4a97-848d-9ef09c00aa57n%40googlegroups.com.