Actual SSO session after action token processing (i.e. verify email)

Hi, everybody!

I would like to have an established SSO session in browser after action token processed.
But I’ve found that if action token link executed in ‘clean’ browser (where no Keycloak cookies set before) no active SSO session remains after action token processing finished.

Flow example:

  1. Register new user in Browser 1
  2. Execute Verify email link in Browser 2
    This way, Browser 2 successfully verified email, but after that, client can’t fetch tokens using SSO (I am using JavaScript Adapter) and have to explicitly reauthenticate.

If steps 1 and 2 executed in one Browser, all is going ok. But this is not our case, because in fact we execute Step 1 through Admin REST API and Client opens verify email link in ‘clean’ browser.

Will be glad to take any advice how to reach that in the right way (we already customized different SPIs, so coding approach suits us well).