p2-inc / keycloak-magic-link

Magic Link Authentication for Keycloak
https://phasetwo.io

Auto email verification with email OTP #37

Closed Arnaud-J closed 1 year ago

Arnaud-J commented 1 year ago

First of all, thanks for building and open-sourcing this great extension.

I noticed that, when using Magic Links, the user's email is automatically marked as verified when they click the link. I believe this code is responsible.

Otherwise, when using Email OTP, nothing is done concerning email verification when a user uses the code to log in.

I am wondering if that is a design choice. Or maybe a technical limitation.

To my understanding, both methods, Magic Link or Email OTP, can ensure that the user has access to their email account, and that their email address should be marked as verified on Keycloak.

Can you provide details about this? Thanks

xgp commented 1 year ago

Good catch. I think it was an oversight, rather than intentional. I agree that both verify the user’s email. Happy to take a PR in this regard.

Arnaud-J commented 1 year ago

Happy to work on that PR. Care to guide me a little? I have used Keycloak for a while but never worked on extensions.

xgp commented 1 year ago

Sure. I’m out for the week, but I can add some context on how to use/test next week.

Arnaud-J commented 1 year ago

@xgp I think I managed on my own. I was able to build the extension, deploy it in the providers folder of a dockerized Keycloak 21.1.1, and test it works with the authentication flow described in the README.

Please have a look at the PR 🙂

xgp commented 1 year ago

@Arnaud-J Thanks. Sorry I didn't get to this. I'll take a look at the PR.

xgp commented 1 year ago

Fixed in #38
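
The behaviour discussed in this issue, as an added example that is not code from the extension or from PR #38: a successful email OTP login marks the address as verified, the same way a magic-link click does. The `User` and `PendingOtp` types, the method name and the sample addresses and code are hypothetical stand-ins; in a Keycloak authenticator the corresponding call is `UserModel.setEmailVerified(true)`. The model assumes the server records which address each code was mailed to, and it rejects a code that was sent to an address no longer stored on the account.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.time.Instant;

// Stand-alone model (Java 16+). User and PendingOtp are hypothetical
// stand-ins, not Keycloak classes and not the extension's own code.
public class EmailOtpVerifiedExample {
    static class User {
        String email;
        boolean emailVerified;
        User(String email) { this.email = email; }
    }

    // What the server remembers after mailing a code.
    record PendingOtp(String code, String sentTo, Instant expiresAt) {}

    // Returns true when the OTP login succeeds. A correct code proves control
    // of the mailbox it was sent to, so the email is marked verified, but only
    // when that mailbox is still the address stored on the account.
    static boolean completeOtpLogin(User user, PendingOtp pending, String submitted, Instant now) {
        if (pending == null || submitted == null || now.isAfter(pending.expiresAt())) {
            return false; // no code issued, nothing submitted, or code expired
        }
        boolean match = MessageDigest.isEqual( // constant-time comparison
                pending.code().getBytes(StandardCharsets.UTF_8),
                submitted.getBytes(StandardCharsets.UTF_8));
        if (!match || !pending.sentTo().equalsIgnoreCase(user.email)) {
            return false; // wrong code, or code mailed to a different address
        }
        user.emailVerified = true; // in Keycloak: UserModel.setEmailVerified(true)
        return true;
    }

    public static void main(String[] args) {
        Instant now = Instant.now();
        // Constructed sample data.
        User alice = new User("alice@example.test");
        PendingOtp otp = new PendingOtp("493817", "alice@example.test", now.plusSeconds(300));

        System.out.println("wrong code:   login=" + completeOtpLogin(alice, otp, "000000", now)
                + " verified=" + alice.emailVerified);
        System.out.println("correct code: login=" + completeOtpLogin(alice, otp, "493817", now)
                + " verified=" + alice.emailVerified);

        User bob = new User("bob-new@example.test"); // address changed after the code was mailed
        PendingOtp stale = new PendingOtp("118204", "bob-old@example.test", now.plusSeconds(300));
        System.out.println("stale code:   login=" + completeOtpLogin(bob, stale, "118204", now)
                + " verified=" + bob.emailVerified);
    }
}
```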