[keycloak-user] Users experience multiple emails sent from Keycloak
Dick Eimers
dick.eimers at luminis.eu
Tue Sep 20 16:00:29 EDT 2016
Hi,
We've got report about users who received activation/login-action emails (sent by Keycloak) multiple times.
After doing a bit of investigation we found out that emails are sent as a side-effect of pages obtained using a GET request, which could be the cause of sending multiple emails.
For example, after registration we hit a page at location:
<domain>/auth/realms/<realm>/login-actions/required-action?code=<code>
which also sends an email with the activation-link. Reloading this page results in the email being sent again (with a fresh code, invalidating the old one).
So maybe users are refreshing the page unintentionally, or their (mobile) browser is. Or they could be using the back-button and again hit this page, which sends the request once again also resulting in a new mail.
Is anyone else running into this? Should we create a new JIRA issue to fix/improve this?
More information about the keycloak-user
mailing list