Automatic login after email verification (open in another browser)

Hi all,

I would like to make Keycloak automatically log in and redirect to the front-end application after the email verification step in which the URL is opened in another browser.

Desired outcome

  1. Register a user via Chrome browser or Mobile app
  2. Click the link in the email and opens the page in Edge for example
  3. Confirm the email address

After 3), it should automatically log in and redirects the user to the front-end application

Not 100% certain but I think that was working with Keycloak 11.0.3 and I have customised the Keycloak login templates so that

  • A link is shown at the bottom of the EMAIL VERIFICATION page and basically refreshes the current page once clicked after the email is verified by the user (i.e. clicked the link to verify)
  • A link is shown at the bottom of the YOUR EMAIL ADDRESS HAS BEEN VERIFIED page and runs the javascript to open an URL (https://{host}/realms/{realm}/protocol/openid-connect/auth?response_type=code&client_id={clientId}&redirect_uri={redirectUri}) to redirect to the front-end application

I have upgraded to use Keycloak 19.0.3 and notice it is no longer working.

Thanks for your help!

Found this post - Logging a user in directly from an ActionToken - Extending the server - Keycloak and the extension Magic Link login: Authenticator and Resource - Tips and tricks - Keycloak created by @xgp that might be able to resolve my issue

@xgp Am I correct that the extension is able to let me authenticate the user automatically by the action token? or have I misunderstood the usage of this extension?

After reading a bit more and looks like it requires an access token in order to generate a magic link…

I have an action token already, is it possible to make the login work with the action token that I have got for verifying the email?

@robertcck That’s bascially what our extension does here GitHub - p2-inc/keycloak-magic-link: Magic Link Authentication for Keycloak

If it doesn’t exactly fit your use case, you will get an idea of how to log in a user directly from an action token by looking at the source.

1 Like

Thanks @xgp :wink:
Will definitely look into that