问题描述
我正在尝试创建一个新用户,然后使用REST API验证其电子邮件地址.要发送验证电子邮件,我在Springboot中使用了自己的电子邮件类,因此,我没有调用keycloak的/send-verify-email 端点!创建用户后,可以在密钥斗篷控制台中看到已创建,启用了该用户,并且需要验证其电子邮件地址.
I am trying to create a new user and then verify his email address using REST API.To send verification email I am using my own email class in Springboot, so I am not calling keycloak's /send-verify-email endpoint!After I create user, I can see in keycloak console that user is created, enabled and his email address needs to be verified.
但是问题就在这里.如何使用Keycloak REST API验证电子邮件?没有用于此目的的终结点,并且我无法更新UserRepresentation,因为我没有访问令牌.而且,如果没有访问令牌,您将无法更新用户,对吧?
But here lies the problem. How can I verify the email using Keycloak REST API? There is no endpoint for this purpose and I can't update UserRepresentation, because I have no Access Token. And without access token, you can't update User, right?
因此,应该有一些不安全的端点,它们不需要访问令牌并验证< userID>/verify-email 之类的电子邮件,但是没有.因此,我正在寻找替代方法,如何验证用户的电子邮件.
So there should be some unsecured endpoint that won't require Access token and verify email like <userID>/verify-email or so, but there isn't. So I am looking for alternatives, how to verify user's email.
使用Keycloak Springboot客户端(或其调用方式)时,有一些用于此目的的方法(例如不带令牌的更新用户),但是很遗憾,我无法使用此库.
When using Keycloak Springboot client (or how it is called), there are methods for this purpose (like update user without token), but unfortunately I am not able to use this library.
我真的开始讨厌钥匙斗篷.
I am really starting to hate keycloak..
谢谢大家的帮助
推荐答案
这确实是不安全的方法-任何人都可以验证任何电子邮件.
That is really insecure approach - anyone will be able to verify any email.
使用适当的权限配置创建新的管理员用户/客户端(需要允许其更新用户)并使用它(=您需要登录过程->访问令牌)来更新用户模型( PUT/{realm}/users/{id} - emailVerified:true ).当然,该管理员用户将对电子邮件的正确性承担责任.
Create new admin user/client with proper permission configuration (it needs to be allowed to update users) and use it (= you need login procedure -> access token) to update user model (PUT /{realm}/users/{id} - emailVerified: true). Of course this admin user will own responsibility that email is correct.
这篇关于Keycloak-使用Rest API验证用户的电子邮件的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!