Open xgp opened 2 months ago
https://github.com/p2-inc/keycloak-orgs/tree/xgp/anon-invite
Did an experiment to see if we could do an anonymous action token (we cannot) to do a delayed user create on acceptance of org invite.
This code path in the Keycloak action token handler stops a token without a known userId from being passed to the handler:
keycloak-1 | 2024-04-11 17:47:43,064 WARN [org.keycloak.events] (executor-thread-2) type="EXECUTE_ACTION_TOKEN_ERROR", realmId="7e64e025-21e2-4241-9d2a-cb6ca6f1bfb6", clientId="account", userId="test2@bar.com", ipAddress="172.25.0.1", error="user_not_found", reason="invalidUserMessage", auth_method="openid-connect", token_id="cd6cd79c-1b82-4fb0-bdac-4fde121566c1", action="ext-org-invitation-link", response_type="code", redirect_uri="http://localhost:8080/auth/realms/test/account/", remember_me="false", code_id="b16e49df-2209-4982-9bf6-c31a02ee342d", response_mode="query"
We might try to do a separate endpoint to process the token and accept the invite before creating the user.
Create an action token link for invitations that will (in the handler)
Questions
User
)?
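An added example, not part of the original issue or the keycloak-orgs code: a small parser for Keycloak event log lines like the one above. It separates action-token failures whose `userId` is not a user id at all (here an e-mail address, as in the experiment) from failures where a well-formed id simply no longer resolves. It assumes local Keycloak user ids are UUIDs and that the event's `userId` field carries the token's subject. The labels and the second and third sample lines are constructed.

```python
import re
from collections import Counter

# Keycloak event lines are a logger prefix followed by key="value" pairs.
PAIR = re.compile(r'(\w+)="([^"]*)"')
# Assumption: local users have UUID ids (federated ids look different).
UUID = re.compile(r"^[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}$", re.I)

def parse_event(line):
    """Return the key="value" fields of one event log line as a dict."""
    return dict(PAIR.findall(line))

def classify(event):
    """Label an action-token failure; None for any other event."""
    if event.get("type") != "EXECUTE_ACTION_TOKEN_ERROR":
        return None
    if event.get("error") != "user_not_found":
        return "other-failure"
    # A subject that is not shaped like a user id means the token was
    # minted for someone who is not (yet) a user, as in the experiment.
    if not UUID.match(event.get("userId", "")):
        return "non-user-subject"
    return "unknown-user-id"

def summarize(lines):
    """Count failures per (action, ipAddress, label)."""
    counts = Counter()
    for line in lines:
        event = parse_event(line)
        label = classify(event)
        if label:
            counts[(event.get("action"), event.get("ipAddress"), label)] += 1
    return counts

PREFIX = "2024-04-11 17:47:43,064 WARN [org.keycloak.events] (executor-thread-2) "
SAMPLE = [
    # The event from the issue, trimmed to the fields used here.
    PREFIX + 'type="EXECUTE_ACTION_TOKEN_ERROR", clientId="account", '
    'userId="test2@bar.com", ipAddress="172.25.0.1", '
    'error="user_not_found", action="ext-org-invitation-link"',
    # Constructed: well-formed id that does not resolve to a user.
    PREFIX + 'type="EXECUTE_ACTION_TOKEN_ERROR", '
    'userId="00000000-0000-0000-0000-000000000001", ipAddress="192.0.2.10", '
    'error="user_not_found", action="ext-org-invitation-link"',
    # Constructed: unrelated event that must be ignored.
    PREFIX + 'type="LOGIN", userId="00000000-0000-0000-0000-000000000002", '
    'ipAddress="192.0.2.10"',
]

if __name__ == "__main__":
    for key, n in summarize(SAMPLE).items():
        print(n, *key)
```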