Getting verify-email action token

Is it possible to get verify-email action token using Keycloak API?
Use case: I want to send custom verify email, that cannot be configured by keycloak.
Now keycloak send verify email with link like this /login-actions/action-token?key=${token}. I interested in getting ${token}.


I’m also interested in being able to obtain the action_token instead of sending an email.
This would allow us to send the token using other ways like a SMS

Did you happen to find a solution for this ? Would like to implement the same thing.

Unfortunately no. It’s possible to add a custom email template but I haven’t seen any way to obtain the token itself without sending the email to the user.

So there is no way to programmatically invite someone to signup using the API ?

AFAIK, there is no way to get an action token via the Admin API.

I have solved this two ways before:

  1. adding a REST endpoint that takes the user_id, client_id and redirect_uri and returns the constructed link with the serialized action token
  2. adding a REST endpoint that takes the user_id, client_id and redirect_uri, constructs the link, and sends it using a custom email template or an API call to an SMS provider.

Regarding option 1, does that mean there is a way to construct that action token based on user_id, client_id and redirect_uri ? What API call is required for that ?

@ddewaele Not using the Admin API, but you can do it in code if you are writing an extension. Look at this example of creating an ExecuteActionsActionToken and then building the link using a UriBuilder:

Hello @xgp,
Do you have an example on how to do this, or where to place the extension?


There is decent documentation on writing extensions. For example, writing your own REST endpoint extensions: Server Developer Guide
And here’s some example code: keycloak/examples/providers/rest at main · keycloak/keycloak · GitHub