Optional email validation

On our legacy auth system we have email validation BUT it is an optional step. You can still use most features of the site but in several places we say “in order to use this feature you must validate your email”. Is it possible with Keycloak to have email validation as an optional step that you can complete any time after registering, and it just elevates your user privileges, rather than being a requisite to log in?

That is not the way the current verify-email RequiredAction works. However, you could likely build your own custom functionality that does this. I’d look at a sending the user an email with an action token with a handler that sets the verified email flag. Start here and let us know if you have questions: Server Developer Guide

Thanks, I suspected this was the case. To be honest I will try to carry on using our existing validation flow after the user has logged in then maybe assign them a group or role, it doesn’t need to be so close to the auth system. But as a next resort the action token handler sounds interesting.


We need to do that for own project too. I would like to know if you had successfully implemented this feature or can you share some experience relative to that ?

Thank a lot,

We override the implementation to get same behaviour…

Thank you for your feeback.

We are beginners in the KC world, so apologies for own triviales questions, but what implementation are you talking about exactly?