Open bard opened 3 years ago
Did you have any success with this extension? Im not getting the same error as you do, but the "Invitation validation url" is not being accessed and the account is created regardless
@Pfuenzle I didn't. But I was able to use built-in functionality to mostly replicate an invitation flow. Here it is in case you may find it useful:
Manage > Users
section of the GUI, Create a user with User Enabled: true
, Email Verified: true
, and Required User Actions: Update Password
Credentials
tab, set a temporary password. This will act as the "invitation code"https://myapp.com/oauth2/start?login_hint=bob@example.com
In step 3), the service or library that handles the OAuth endpoint needs to know that the login_hint
query parameter must be forwarded to KeyCloak. At the time, I was using oauth2-proxy and had to sligthly modify to add that. The flow would work in principle even without it, but the user would have to enter the email on the first step, which significantly degrades the experience.
I tried to compile the plugin with the latest kc (16.1.0) and I got compilation errors
one is:
when(httpClientProvider.getHttpClient()).thenReturn(httpClient);
in mockChallenge
if I add a cast
when(httpClientProvider.getHttpClient()).thenReturn((CloseableHttpClient) httpClient);
I get a run-time -error:
[ERROR] fr.redfroggy.keycloak.invitation.requiredactions.WebhookRegistrationSuccessTest.shouldChallengeErrorWhenUnexceptedException Time elapsed: 0.003 s <<< ERRO
R!
java.lang.ClassCastException: class org.apache.http.client.HttpClient$MockitoMock$148537412 cannot be cast to class org.apache.http.impl.client.CloseableHttpClient
(org.apache.http.client.HttpClient$MockitoMock$148537412 and org.apache.http.impl.client.CloseableHttpClient are in unnamed module of loader 'app')
at fr.redfroggy.keycloak.invitation.requiredactions.WebhookRegistrationSuccessTest.mockChallenge(WebhookRegistrationSuccessTest.java:140)
at fr.redfroggy.keycloak.invitation.requiredactions.WebhookRegistrationSuccessTest.shouldChallengeErrorWhenUnexceptedException(WebhookRegistrationSuccessTes
t.java:117)
Thanks for sharing this work! I've seen tickets going as far back as 2015 asking for something like it, with little effect, so I could hardly believe my eyes when I saw it pop up in Github's search results.
Reading the code, I see that
invitation-code
is intended to be passed as URL param. So I went to the login page, clicked on "Register", and appendedinvitation-code=abc123
to the URL, to see if it would work:Is that correct?
When I do that, I get this in KeyCloak's logs:
getHttpClient
seems to be there: https://github.com/keycloak/keycloak/blob/c3a15cb368eaa20d6af362926e1d77e7d96f7420/services/src/main/java/org/keycloak/connections/httpclient/DefaultHttpClientFactory.java#L75Any idea of what might be going wrong?