In Red Hat Single Sign-On (and also in Keycloak), there is this Forgot Password? functionality. If you click it and then enter your username, you will get an email with a link to change your password.
Note: Visiting the URL of that link invalides it.
Problem: Some of our clients have security software which follow every link in emails, resulting in invalid tokens (“invalid code”) before the link even reaches the client.
Any suggestions?