Check out the script based authenticator. You can check the mail verified state and set a
role accordingly. You can also use it
to check the federation link state.
e.g.
//Save email verified and federation link values to variables for evaluating
var mailver = user ? user.isEmailVerified() : "nover";
var fedlink = user ? user.getFederationLink() : "nofed";
...
//Grant a role
user.grantRole(realm.getRole("ExampleRole"));
Adam
-----Original Message-----
From: keycloak-user-bounces(a)lists.jboss.org [mailto:keycloak-user-bounces@lists.jboss.org]
On Behalf Of Krishna Kuntala
Sent: Friday, 18 August 2017 8:58 PM
To: keycloak-user <keycloak-user(a)lists.jboss.org>
Subject: [keycloak-user] Assign role to user using keycloak settings
Hi All,
I have enabled the email verfication flow for user registration. However, I am wondering
whether there is any way to assign a role to the user once Email has been verified. I
understand that this could be achieved by calling REST APIs but can we do this through
some keycloak configuration?
Also, is there any way to assign a role after user successfully links his profile with one
of the IdP (e.g. Google, Facebook)?
Thanks and Regards,
KK
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user