[keycloak-user] Limit re-send verification emails
Dmitry Telegin
dt at acutus.pro
Wed Nov 21 10:13:21 EST 2018
Hello Viktor,
I'm afraid this is not out-of-the-box in Keycloak, but the good news is that you can implement it yourself.
Create a RequiredActionProvider by extending org.keycloak.authentication.requiredactions.VerifyEmail, override processAction() and implement the necessary throttling. You can store the timestamp of the last re-send as a user attribute.
I'd also suggest that you create a JIRA ticket so that this feature gets included into upstream Keycloak.
Good luck,
Dmitry Telegin
CTO, Acutus s.r.o.
Keycloak Consulting and Training
Pod lipami street 339/52, 130 00 Prague 3, Czech Republic
+42 (022) 888-30-71
E-mail: info at acutus.pro
On Wed, 2018-11-21 at 14:20 +0100, Viktor Chuchurski wrote:
> Hello all,
>
> I have a question regarding re-sending of verification emails.
>
> Is it somehow possible to configure how often can the user request a
> re-send?
> As far as I looked, currently there is no check when the last re-send was
> requested, which allows a third party to spam "click" the resend button and
> cause problems on the mail server.
>
> Thanks in advance,
> Viktor
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
More information about the keycloak-user
mailing list