How to give custom input for Keycloak email theme? - keycloak

I am using this endpoint to trigger an email in Keycloak: /admin/realms/{realm}/users/{id}/execute-actions-email
I need to provide my own text in the email as an input. This input is variable and cannot be hardcoded in the email template provided by Keycloak.
Is there a way to set up a new variable in the Keycloak email template and provide that using the above-mentioned API or any other way?

Related

Keycloak - enable email mapping or alias

We are using Keycloak as auth provider by utilizing the OAuth Code Flow. The user logs in with their normal email and password on the Keycloak login page. Is there a way to mask/hide or even map email addresses? Apple is doing this by saving the real email but using fake mails like j24hj21h4#apple.com for the "outer world". The reason I need this feature is to hide the real email addresses of our users for SSO.
From my point of view, your best bet would be to extend the Authentication SPI of Keycloak and implement your logic; it is totally achievable.
This is not something you get out of Keycloak by default, but it provides the flexibility to plug in our extensions.
Here you can find more details on this: https://www.keycloak.org/docs/latest/server_development/#_auth_spi

Create a keycloak custom registration flow

Is there any possibility to configure custom registration flows in Keycloak? I want to integrate an SMS OTP validation after the user fills in the registration form and submits it.
Yes, you can copy the default registration flow and modify it to your needs (add authenticators for OTP etc.).
Afterwards, change the authentication flow bindings to your newly created registration flow.

Send OTP via email in Keycloak

I want to use Keycloak to implement SSO but I noticed that there is no email OTP embedded in Keycloak. How do I send OTP through email in Keycloak?
I want the OTP to be provided not only via GoogleAuthenticator or FreeOTP app but also via email.
Is it possible to do it with Keycloak?
Yes, it is possible; you need a new authenticator provider.
The Server Development part of the Keycloak reference documentation contains additional resources and examples for developing custom Keycloak extensions.
https://www.keycloak.org/docs/latest/server_development/index.html
Or you can use this email 2FA OTP Keycloak provider:
https://github.com/mesutpiskin/keycloak-2fa-email-authenticator

Custom username in Keycloak

I want usernames (created using an algorithm) to be automatically assigned to users and want to allow login using both this username and email address. How do I do that in Keycloak?
You can use the REST API to create the user. This way you can use an algorithm to generate the username. Documentation is here:
https://www.keycloak.org/docs-api/10.0/rest-api/index.html#_users_resource
In the realm settings, go to the Login tab and enable Login with email.
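The REST call from the answer above, as an added example (not code from the original answer or from the Keycloak project): it builds, without sending, a POST to /admin/realms/{realm}/users carrying a randomly generated username. The username scheme, host name and token are assumptions; `base_url` must include any context path your server uses (such as /auth).

```python
import json
import secrets
import urllib.parse
import urllib.request

# Alphabet without look-alike characters (no 0/o, 1/l/i). Hypothetical scheme.
ALPHABET = "abcdefghjkmnpqrstuvwxyz23456789"


def generate_username(prefix="u", length=10):
    """Return a random username from a CSPRNG; it never contains '@',
    so it cannot be mistaken for an email address at login."""
    body = "".join(secrets.choice(ALPHABET) for _ in range(length))
    return f"{prefix}-{body}"


def build_create_user_request(base_url, realm, admin_token, email):
    """Build (but do not send) the Admin REST API create-user request."""
    user = {
        "username": generate_username(),
        "email": email,
        "enabled": True,
    }
    # Quote the realm so a name with special characters cannot alter the path.
    realm_path = urllib.parse.quote(realm, safe="")
    url = f"{base_url.rstrip('/')}/admin/realms/{realm_path}/users"
    return urllib.request.Request(
        url,
        data=json.dumps(user).encode("utf-8"),
        method="POST",
        headers={
            "Authorization": f"Bearer {admin_token}",
            "Content-Type": "application/json",
        },
    )


if __name__ == "__main__":
    # Constructed sample values; replace with a real server and admin token.
    req = build_create_user_request(
        "https://keycloak.example.com", "demo",
        "ADMIN_ACCESS_TOKEN", "alice@example.com",
    )
    print(req.get_method(), req.full_url)
    print(req.data.decode())
    # To send: urllib.request.urlopen(req); Keycloak answers 201 Created.
```

The admin token should belong to an account limited to user management in that realm, and a 409 response (username or email already exists) is the signal to generate a new username and retry.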

Generate password reset URL

I want to send the Keycloak user reset password email from my web app without using the Keycloak SMTP configuration. For that I am trying to generate the reset password link but I am not sure how to generate the code in the URL. Is there any API call to generate the action code or the full reset password URL? Keycloak generates something like below. I need to generate the same. That's the objective.
https://server.com/auth/realms/xxx/login-actions/action-token?key=ffdfdfdfd
There is no such API directly exposed in Keycloak.
Keycloak provides action tokens that permit their bearer to perform some actions, e.g. to reset a password or validate an e-mail address.
Perhaps you could have a look at the action tokens SPI:
http://www.keycloak.org/docs/3.3/server_development/topics/action-token-spi.html
This way you can handle your use case.