[keycloak-user] E-mail verification required action issues

[Marek Posolda]

Hi Viliam!

Nice to see you back on Keycloak mailing lists :)

On 20/02/18 17:27, Viliam Rockai wrote:
> Hey all,
>
> I got a couple of problems with the e-mail verification required action.
> 1. If it's turned on in the realm settings ("login tab") and I change
> the account e-mail (in "manage account"), I can't get back to the app.
> 2. While the (?) tooltip text  in the realm settings clearly says
> "Require the user to verify their email address the first time they
> login.", the feature includes verification with each e-mail change
> (not only the first login).  If that's expected behavior, it would be
> nice to have it more clear in the (?) tooltip text.
Yes, agree. We can probably improve the tooltip.

I don't think we should change the logic. If email was changed, it 
shouldn't be treated as verified anymore and should be re-verified IMO.
>
> For  1., the steps to reproduce are:
> 1. Download latest KC, unzip it, start it.
> 2. Configure logged-in user (admin) e-mail (in "manage account") and
> the Email realm settings. Make sure e-mail sending works.
> 3. Go to "manage account" and change your email.
> 4. Click "Back to Security Admin Console"
> 5. You should see the "EMAIL VERIFICATION" page
> 6. Click on the verification link in the e-mail
> 7. You should see the "YOU ARE ALREADY LOGGED IN" page, click on the
> "« Back to Application" link. This brings you back to step 5. instead
> of the admin console.
>
> And this is the error itself, you will find yourself in an endless
> loop defined by steps 5 - 7.
>
> I can create a JIRA for that, just wanted to make sure this is a bug,
> not a feature.
We did some fixes in 3.4.3, but it's possible that not for everything. 
Feel free to create JIRA.

Marek
>
> Thanks!
>
> Viliam
>
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user