How to get the Invitation authentication flow working?

p2-inc / keycloak-orgs

Single realm, multi-tenancy for SaaS apps

https://phasetwo.io

Other

418 stars 72 forks source link

How to get the Invitation authentication flow working? #84

Closed matheushent closed 1 year ago

matheushent commented 1 year ago

So, what I've been trying is to use the Invitation authentication flow. Suppose I have a user named foo that was invited to the boo organization. How do I properly set an authentication flow to check the outstanding invitation and automatically add the user foo to the boo organization if the invitation exists?

So far I couldn't get this flow working. I'm thinking about this can be done in the post login flow, maybe adding some steps after... idk

xgp commented 1 year ago

For most use cases, the Invitation authenticator doesn't need to be in a flow. It should be sufficient to set the Invitation required action to Enabled in Authentication->Required Actions It will automatically run on every login and add itself if the user has outstanding invitations.

matheushent commented 1 year ago

I think this detail should be clearly mentioned in the public documentation.

Other than that, I could get the flow working, thank you!!

xgp commented 1 year ago

Updated. https://github.com/p2-inc/keycloak-orgs/tree/main#invitations See if you think that language is more clear. Thanks for the help and feedback.

matheushent commented 1 year ago

amazing mate, very helpful. Thank you!!