Keycloak Server Version: 11.0.2
What we do
We enabled the default registration flow for our keycloak instance with a mandatory email verification.
On the public section of our page we directly link to the registration form using the keycloak-js-adapter that is provided by the server. For that we’re using the register-method of the keycloak-js instance that is redirecting to the keycloak server and displaying the registration form (https://github.com/keycloak/keycloak/blob/5f2837def08daee8462cdb962391c34bc2167300/adapters/oidc/js/src/main/resources/keycloak.js#L1349). Then we fill in our information and submit the registration form. Now the email verification hint is displayed – as expected.
Now we let the email verification link expire (in our case 5 minutes) and click on it afterwards.
What we expect
We expect that the user at least receives an error page telling him that the link is expired – and in best case an action that allows him to resend the verification email.
What actually happens
An empty registration form is shown to the user without any information about the error or what he should do now.
Note
When we’re starting the process by first calling the login method instead of the keycloak instance and manually navigate to create new user the expired link leads to the login form displaying the error message we would expect.
Screenshots
