I’m planning to use keycloack as password recovery/initialisation feature.
So I tried to figure it out how it work

First I configure a SMTP server.
Secondly configure a user with a valid email
Thirdly i made an API call on /auth/admin/realms/{realm}/users/{id}/execute-actions-email
Then I received an email from keycloak but when i click on the generated link, an error page appeared and the logs said

[org.keycloak.events] (default task-25) type=EXECUTE_ACTION_TOKEN_ERROR, realmId=myrealm, clientId=null, userId=null, ipAddress=xxx.xxx.xxx.xxx, error=invalid_code, reason='Failed to parse JWT’

Is anyone to help me understand why the link generated by keycloak fails ??!!

Which version are you running?

The keycloak server is on version 6.0.1

By the way i was expected to have a “Update Password” required action set on the user I selected (in the user detail page)
But no …

Can you post the data that you send to the api?
And another question just out of interest, is there a reason you are still stuck on 6.0.1?

It’s weird but today it works fine ???!!! without a change

I figure it out that it doesn’t fit my needs because i need a update password on A FIRST connexion so without a token …
Here i need a token.
Which API do i need to call then ?

I am also getting this same error on keycloak 8.0.1 while attempting to send an email to update password.