[keycloak-dev] Email verification and redirect_uri

Thomas Raehalme thomas.raehalme at aitiofinland.com
Thu Sep 10 03:15:24 EDT 2015


Hi,

We are doing some testing regarding email verifications.

Everything seems to work great as long as the user keeps using the same
browser for every request (try to access a protected resource, register a
new account and click the email verification link).

If the user, however, registers with Firefox and the verification link in
the email is opened in a different browser, say, Chrome, the user is shown a
message regarding successful verification and a link "Back to application".
The user is not redirected to the original protected resource.

If you read your email with a browser, this is probably not going to happen.
But if your email client opens a different browser for any reason, then it
will break the process.

What do you think, would it make sense to include the original redirect_uri
in the verification link to ensure that the user is redirected back to the
original protected resource? Or maybe you could store the redirect_uri on
the server next to the verification token?

Best regards,
Thomas
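
A sketch of the second option raised above (keeping the redirect_uri on the server next to the verification token), added here as an example; it is not part of the original message and not Keycloak code. The `VerificationStore` class, the client id, the URIs and the registered-redirect table are hypothetical, constructed values.

```python
import hashlib
import secrets
import time

# Constructed sample data: redirect URIs registered per client (assumption).
REGISTERED_REDIRECTS = {"demo-app": {"https://app.example.com/callback"}}
TOKEN_TTL_SECONDS = 3600


class VerificationStore:
    """Hypothetical server-side store: token hash -> pending verification."""

    def __init__(self, now=time.time):
        self._pending = {}
        self._now = now

    def issue(self, user_id, client_id, redirect_uri):
        # Validate at issue time with an exact match, so an unregistered
        # target is never stored and never redirected to later.
        if redirect_uri not in REGISTERED_REDIRECTS.get(client_id, set()):
            raise ValueError("redirect_uri not registered for client")
        token = secrets.token_urlsafe(32)
        self._pending[self._digest(token)] = {
            "user_id": user_id,
            "redirect_uri": redirect_uri,
            "expires": self._now() + TOKEN_TTL_SECONDS,
        }
        # Only the opaque token goes into the emailed link.
        return token

    def redeem(self, token):
        # pop() makes the token single-use. No browser session is consulted,
        # so the lookup also works when the link opens in another browser.
        entry = self._pending.pop(self._digest(token), None)
        if entry is None or entry["expires"] < self._now():
            return None
        return entry["user_id"], entry["redirect_uri"]

    @staticmethod
    def _digest(token):
        # Keep only a hash so a leaked store does not yield usable links.
        return hashlib.sha256(token.encode()).hexdigest()
```

Because the redirect target never travels in the link, it cannot be altered in transit; the exact-match check against registered URIs covers the case where the original request itself carried an unexpected target.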