We are creating users within Keycloak through their API, and once that is done we send an “Update Password” action email. If the user clicks the link after it has expired, we would like to give them the option of re-sending the email by clicking a link. Is there something within the keycloak templates we can use to provide users a link of that would accomplish this?
If this isn’t the proper workflow, what would be the suggested path?
Thanks!
That’s not possible as the action sent to the user is no longer valid, so it doesn’t give any permissions to do anything. You could potentially achieve it with a custom action though.
Thanks for the info, haven’t looked into custom actions yet. The goal is not have users stuck with just an invalid link, and no way to continue without manual intervention. Would a custom action be something that will solve that?
If we are creating users and having them set their password, what is the expected workflow if they do not click the link in time before the link is invalid?
We would like to add an invitation feature. Basically the way it would work is to allow admins to do some parts of creating the user, then send an invitation link to users to complete the account (such as setting a password). There would still be an expiration on the welcome link, but probably longer than update password action. However, that is not something that is planned anytime soon I’m afraid.
I think you can set a longer expiration on the update password link when creating it. If I remember correctly you can set that on a case-by-base basis.
A final option is to create users with a temporary password. Just send the users the temporary password and they are forced to update the password the first time they login.
I was thinking we may have to go down the temporary password, so thank you for confirming that. I also appreciate the information and help you have provided!
Nick
hello, any update on this? I want to re-send the email too if the link expired. My workflow will be like this:
forgot password ==> get link==> link expired ==> resend link==> get link again==> link working ==> end