Get reset password link(token) from Keycloak - keycloak

I have a process of adding new users that requires me to send two emails. One from Keycloak to ask the added user to create a password and one inviting them to my site.
I would like to use only one email sent by my site, not Keycloak. I know I can modify the reset email sent from Keycloak, but I would rather just send the email from my site.
Is there a way to get a password reset link or token from Keycloak so that I can insert it into my email?

Related

Strapi email validation is not working when registering users from admin console

I am using strapi for my user management and when I register user using register api, I am getting email validation into the user’s inbox, but when I add users from the admin console(Admin Panel) user is not getting any email validation mails.(Even when I register the user to be unconfirmed.)
The registration process send the confirmation e-mail for you.
After having registered, if you have set Enable email confirmation to
ON, the user will receive a confirmation link by email. The user has
to click on it to validate his/her registration.
There is an endpoint in the user permissions plugin for you to trigger the e-mail confirmation sending: POST /api/auth/send-email-confirmation. Don't forget to enable it for the public role.

Should I verify email addresses of Google Sign In users?

I am implementing an email verification service, with the purpose of confirming that the person registering is indeed the owner of that email address (specifically, that they work at the organisation that the email domain belongs to).
I will send an email post-registration with a single-use link in it that will set their status to verified = 1.
Users can choose to register and log-in using either a simple email/password combination, or by using the Google Sign In service.
My question is: do I need to verify the ones that have registered with Google Sign In? In order to provide their email address to me, they had to sign in with Google, who then confirmed the address. Is there anything I've missed here, or can I immediately consider these users to be the verified owners of these addresses?
If you are using google sign in there is no need to verify the user.
Whereas if have your own login system, then you must verify the email because
if the email is not verified then you cannot have forgotten password feature through email
and also the user might not have actually had the email so anyone else could create the same email and if you have forgotten password through email someone else could easily access others data.

Want to set up a system of sending email to users on my magento store who have forgot a password

I have set up a magento store of my own for my business of grocery products.
I have almost configured each and everything.
I have a mail server and can have as many email addresses as I require.
I have a theme set up for the store.
While a user tries to log in and has forgot a password, there is a link to click saying "Forgot Password".
On clicking it, it displays "An email has been sent to your account with new password details."
I know this will not send an email as I have to configure entire system.
I do not want to send a new password by email. Instead I want to send a link. On clicking this link, the user can go the it and have an option of password reset.
Please help me with this. It will be much much appreciated.
Magento's standard "Forgot Password" functionality works exactly as you've described - it sends a link to the user to reset his or her password - it doesn't just send a new password.
Magento uses Zend_Mail to send emails. By default, Zend_Mail will use PHP's mail() function (via Zend_Mail_Transport_Sendmail), which will usually send emails via sendmail or similar, depending on the PHP configuration.
If you have your own mail server that you'd prefer to use, you can configure Magento to use SMTP. This does require some code, but, luckily, there are some good extensions out there that already do this, like aschroder/Magento-SMTP-Pro-Email-Extension.

Do I need to verifiy a users email if they are sent a temporary password when an account is registered

I have a website where a user can login using MVC5 Identity. (Although this question is not specific to that technology)
For a user to register with this website we must have spoken to them over the phone and an account manager must go through a registration form which sets up an "unverified" account for the user.
Following this the user is sent an email verification link, along with a generated password to login. The registration you would normally fill out pre-login is done post-login.
So I was wondering if in this scenario I can simply treat the users first login as email verification becuase the only way they get their password is from the email.
Is there any way this could be exploited and open up any security holes/allow validation without owning the email?
Edit:
Wanted to add the password is temporary (expires after a fixed period) and the user will be able to drop into a password reset form and a have a new one emailed if they don't do it in time. If the user has given us the wrong email I assume most will phone us.
I do not see this having any exploitation or holes and you are right to think this can be used as the email verification. Try it, and see how it works. Maybe after the temporary password is typed the user is prompted to type in a new password of their choosing.

Intuit Open authentication and email addresses

At http://docs.developer.intuit.com/0025_Intuit_Anywhere/0010_Getting_Started/0030_Integrate_your_app/0030_Signing_Into_and_out_of_Intuit_From_Within_Your_App/Sign-in/Implement_SSO_and_OpenID_in_Your_App
it says the following:
"Intuit does not verify the user email address associated with the user's OpenID account. Therefore, do not use the email address for authentication and do not link user accounts based on email address."
What does it mean "do not use the email address for authentication"? I mean, isn't the user already authenticated, through OpenId.
Also it says that the user email address is not verified. But what if my app needs to send an email to a user that has logged through OpenId. How can I be sure the user will actually get the email? What is the recommended pattern to handle that?
Thanks
EDIT: also, can I use the email to uniquely identify a user, and if not, what should I use to uniquely identify a user from the open id response?
EDIT 2: also, is the developer charged when a user logs in with open id and the 36 day trial expires? Or is it just when using the "Connect to quickbooks" that the developer is charged, in which case, open id authentication itself is free?
Clement,
It means when a customer goes to the Intuit Appcenter and creates an account the email is not verified immediately, so you cannot single sign on a user based only on their email address if they already have an account in your system. You need to prompt them to login one time to map the two accounts.
If they are completely new then you can auto provision an account on your side and single sign them in, if you require the customer to verify their email address then you can send them a verification email.
thanks
Jarred