Keycloak - Verify user's email using Rest API

Problem description

I am trying to create a new user and then verify his email address using the REST API. To send the verification email I am using my own email class in Spring Boot, so I am not calling Keycloak's /send-verify-email endpoint! After I create the user, I can see in the Keycloak console that the user is created, enabled and his email address needs to be verified.

But here lies the problem. How can I verify the email using the Keycloak REST API? There is no endpoint for this purpose and I can't update the UserRepresentation, because I have no access token. And without an access token, you can't update the user, right?

So there should be some unsecured endpoint that won't require an access token and would verify the email, like <userID>/verify-email or so, but there isn't. So I am looking for alternatives for how to verify the user's email.

When using the Keycloak Spring Boot client (or whatever it is called), there are methods for this purpose (like updating a user without a token), but unfortunately I am not able to use this library.

I am really starting to hate Keycloak.

Thanks, everyone, for the help.

Recommended answer

So there should be some unsecured endpoint that won't require an access token and would verify the email, like /verify-email

That is a really insecure approach - anyone will be able to verify any email.

Create a new admin user/client with a proper permission configuration (it needs to be allowed to update users) and use it (= you need a login procedure -> access token) to update the user model (PUT /{realm}/users/{id} - emailVerified: true). Of course this admin user will own the responsibility that the email is correct.
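
One way to carry out the flow from the answer when the application sends its own verification mail, as an added example that is not part of the original post: the link in the mail carries an HMAC-signed, expiring token, and only after that token checks out does the backend log in as the dedicated admin client and send the PUT with emailVerified: true. The function names, the signing key, the client name and the host are assumptions; the paths are the Admin REST and token endpoints relative to an assumed base URL (older Keycloak distributions serve them under an /auth prefix).

```python
import base64, hashlib, hmac, json
import urllib.parse, urllib.request

# Assumed values for illustration; none of them come from the original post.
LINK_KEY = b"constructed-demo-key"  # secret that signs the links in your own mails
TTL = 3600                          # link lifetime in seconds

def _mac(payload: bytes) -> bytes:
    return hmac.new(LINK_KEY, payload, hashlib.sha256).digest()

def issue_link_token(user_id: str, email: str, now: float) -> str:
    """Token placed in the mailed link: binds user, address and expiry."""
    payload = json.dumps([user_id, email, int(now) + TTL]).encode()
    return ".".join(base64.urlsafe_b64encode(p).decode() for p in (payload, _mac(payload)))

def check_link_token(token: str, now: float):
    """Return (user_id, email) for a genuine, unexpired token, else None."""
    try:
        payload, mac = (base64.urlsafe_b64decode(p) for p in token.split("."))
        if not hmac.compare_digest(mac, _mac(payload)):
            return None
        user_id, email, expires = json.loads(payload)
    except ValueError:  # wrong number of parts, bad base64, bad JSON
        return None
    return (user_id, email) if now <= expires else None

def token_request(base: str, realm: str, client_id: str, client_secret: str):
    """Client-credentials login of the dedicated admin client (gives the access token)."""
    form = urllib.parse.urlencode({"grant_type": "client_credentials",
                                   "client_id": client_id,
                                   "client_secret": client_secret}).encode()
    return urllib.request.Request(
        f"{base}/realms/{realm}/protocol/openid-connect/token", data=form, method="POST")

def mark_verified_request(base: str, realm: str, user_id: str, access_token: str):
    """PUT .../users/{id} with emailVerified: true, as the answer describes."""
    # The client's service account must be allowed to update users
    # (in Keycloak that is the realm-management role manage-users).
    return urllib.request.Request(
        f"{base}/admin/realms/{realm}/users/{urllib.parse.quote(user_id, safe='')}",
        data=json.dumps({"emailVerified": True}).encode(), method="PUT",
        headers={"Authorization": f"Bearer {access_token}",
                 "Content-Type": "application/json"})
```

Pass each request to urllib.request.urlopen against a real server, and before sending the PUT compare the email returned by check_link_token with the address currently stored for that user.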
