Is it possible to first use Auth0 (sms and verification code) and than to register user with email and password using of Auth0? What are endpoints for both of that?
Related
I have read keycloak docs and could not find if it is possible to allow users to login just with their email address.
No password, just an email code with each login.
Any advice is appreciated.
Desired result:
User should be able to register and then he should be able to login thrugh a mobile app (event if the email address isn't verified), the app shows a warning that email isn't verified and some app functionality a disabled
What i have:
native mobile app that has user signup and signin functionality
api server consumed by the app
keycloack instance
signup functionality is done by api server, it is a keycloak confidencial client that can create users
signin is done by the mobile app directly with a post call to keycloak /token endpoind that returns access token
all good, now i have a token that can be consumed by my api server and i know that it is a registered user with unconfirmed email address
The problem is that user don't receive any Welcome/Confirm email, but: if user goes to keycloak LogIn webpage and try to login with newly created user then he receives an email from Keycloak, but for LogIn through api there are no emails. Is there any way so solve this? Am i doing something wrong?
The only way to request user to verify emails is by requesting "Verify Email" action, but if i do this then user can't login with unverified email anymore
Login is done with POST to /auth/realms/realm/protocol/openid-connect/token and with {grant_type: 'password', password: 'string', username: 'string'} body
Calling PUT /{realm}/users/{id}/send-verify-email seems to behaves the same like requesting Verify Email to /execute-actions-email
I know I'm a few years late for this answer, but for anyone who comes here in the future, the devs answered in this thread here
This is a limitation with the execute actions endpoint and it uses a
generic email. It's not a bug, rather a limitation
And that's it. They have a specific endpoint just to send an email of verification but it's only a wrapper to the endpoint execute-actions-email
What would be the best way to create a login via email?
Currently we generate a JWT and send it via email. With this procedure the JWT token will expire at some point. We would like to extend the login (e.g. with code, refresh-token, access-token).
How can you create a fully-fledged login, which you normally get by logging in with username + password?
What other ways are there to provide a login via email?
I have an email address of a user. I’d like to create a user and send them an email with a link to set their password and activate their account. Is this kind of flow support in Keycloak ? I think I can provision user in Keycloak and send executeActionsEmail using UserResource. Is that the right way to do ?
Yes keycloak does support this kind of flow. You can use keycloak admin client for this.
UserResource is the right class for this. You are going in correct direction.
I want to send Keycloak user reset password email from my web app without using Keycloak SMTP configuration. For that I am trying to generate the reset password link but I am not sure how to generate the code in URL. Are there any API call to generate action code or full reset password URL ? Keycloak generate something like below. I need to generate same. That's the objective.
https://server.com/auth/realms/xxx/login-actions/action-token?key=ffdfdfdfd
There is no such API directly exposed in Keycloak.
Keycloak provides action tokens that permits its bearer to perform some actions, e.g. to reset a password or validate e-mail address.
Perhaps you could have a look at the action tokens SPI:
http://www.keycloak.org/docs/3.3/server_development/topics/action-token-spi.html
This way you can handle your use case.