you can use PUT /auth/admin/realms/{realm}/users/{id}/reset-password

您可以使用 PUT /auth/admin/realms/{realm}/users/{id}/reset-password

• {id} is the user id in keycloak (not the login)

• {id} 是 keycloak 中的用户 ID（不是登录名）

Here is s sample body.

这是样本体。

{ "type": "password", "temporary": false, "value": "my-new-password" }

{ "type": "password", "temporary": false, "value": "my-new-password" }

Rather than specifying a new password manually a better security practice is to use the

与手动指定新密码相比，更好的安全做法是使用

PUT /auth/admin/realms/{realm}/users/{id}/execute-actions-email

PUT /auth/admin/realms/{realm}/users/{id}/execute-actions-email

admin call with "UPDATE_PASSWORD"as the required action. This causes Keycloak to send an email to the user that gives a magic link for the user to set a new password.

管理员调用"UPDATE_PASSWORD"作为所需的操作。这会导致 Keycloak 向用户发送一封电子邮件，为用户提供一个神奇的链接来设置新密码。

Note: {id} is the user id in keycloak (not the login)

注意：{id} 是 keycloak 中的用户 ID（不是登录名）

Keycloak recently introduced this feature, but it's currently still in preview and therefore not documented.

Keycloak 最近引入了此功能，但目前仍处于预览阶段，因此没有记录。

To make it work, you need to activate the account_apifeature by starting keycloak with the parameter -Dkeycloak.profile.feature.account_api=enabledlike so:

要使其工作，您需要account_api通过使用如下参数启动 keycloak来激活该功能-Dkeycloak.profile.feature.account_api=enabled：

bin/standalone.sh -Dkeycloak.profile.feature.account_api=enabled

(source: https://www.keycloak.org/docs/latest/server_installation/index.html#profiles)

（来源：https: //www.keycloak.org/docs/latest/server_installation/index.html#profiles）

After that, you can use POST /auth/realms/your-realm/account/credentials/passwordand provide the http Header Accept: application/json. The header will make keycloak use a RestAPI-Service which is accepting and returning JSON (instead of the default form-based one which is only accepting x-www-form-urlencodedand returns HTML.)

之后，您可以使用POST /auth/realms/your-realm/account/credentials/password并提供 http Header Accept: application/json。标头将使 keycloak 使用接受并返回 JSON 的 RestAPI-Service（而不是仅接受x-www-form-urlencoded并返回 HTML的基于表单的默认服务。）

As Request-Body, provide a JSON like this:

作为Request-Body，提供这样的 JSON：

{
    "currentPassword": "oldPassword",
    "newPassword": "newPassword",
    "confirmation": "newPassword"
}

A full example with curl would look like this:

curl 的完整示例如下所示：

curl --request POST 'https://path-to-your-host.com/auth/realms/your-realm/account/credentials/password' \
--header 'Accept: application/json' \
--header "Authorization: Bearer $ACCESS_TOKEN" \
--header 'Content-Type: application/json' \
--data-raw '{
    "currentPassword": "oldPassword",
    "newPassword": "newPassword",
    "confirmation": "newPassword"
}'

Note that - as written above - this feature is still in preview and might change in the future. So use it with caution!

请注意 - 如上所述 - 此功能仍处于预览阶段，将来可能会发生变化。所以请谨慎使用！

No, OAuth and OpenID Connect protocols doesn't define such feature and Keycloak also doesn't have ability to do this on user's behalf. There is a server-to-Server Admin API that alows to change the user's password or reset it but you can't call it from GUI. But the Keycloak provides some kind of "My Account Page" by url like http://localhost:8080/auth/realms/your-realm/account/- replace your-realmpart of URL and just redirect a user to it.

不，OAuth 和 OpenID Connect 协议未定义此类功能，Keycloak 也无法代表用户执行此操作。有一个服务器到服务器管理 API，允许更改用户密码或重置密码，但您不能从 GUI 调用它。但是 Keycloak 通过 url 提供某种“我的帐户页面”，例如http://localhost:8080/auth/realms/your-realm/account/- 替换your-realm部分 URL 并将用户重定向到它。

In documentation it called User Account Service

在文档中它称为用户帐户服务

Also if you use auto discovery you can obtain the url by reading account-servicefrom JSON by URL http://localhost:8080/auth/realms/your-realm

此外，如果您使用自动发现，则可以通过account-service按 URL 从 JSON 中读取来获取 urlhttp://localhost:8080/auth/realms/your-realm