-
paz authored
This is required to make them work with non-persisted accounts. We need non-persisted accounts because when the authorization is done on behalf of a keyword_handler there might be no account yet (because email authentication is bassed on signatures, not the account), and as we can't set a password we can't save the account. (And we don't want to save the account with a random password to avoid brute force opportunities.)