Hi all,

I’ve been working on adding custom endpoints at the realm level to perform some new functions, like user registration and sending a password reset email, without going through Keycloak’s default web view. I’ve read the discussion regarding adding custom REST paths, but I wouldn’t like to go off topic there.

Why am I doing this?

This is needed because I have to hit the Keycloak server directly from the native Android UI, without going through the Keycloak default login/reset credentials screen, and get a user registered or an email sent to reset the password (among other possible future use cases).

What have I got so far?

I’ve added a custom endpoint class (ForgotPasswordEndpoint) to the org.keycloak.protocol.oidc.endpoints package in order to add a new path, /auth/realms/{realm}/forgotten-password-email, that sends an email to the user specified in a form attribute without going through the web view. I am also generating a key to be able to execute a client session required action of UPDATE_PASSWORD, so when the user clicks the link they will be asked to update their password.


What I’m not sure about is the approach I used to get this done. Let’s clear that up:

That’s the least invasive way I’ve found so far. However, today I have been trying to implement an SPI to achieve this (still trying to understand how to do that).

Is there a clean/proper way to generate a valid code/execution ID, as it is generated for the normal forgotten password email?

What is the right way to make a direct call to get a reset password email?


Thank you in advance.

Regards,

Fabricio
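The realm-level path described in this post can be registered through Keycloak's RealmResourceProvider SPI instead of a class inside org.keycloak.protocol.oidc.endpoints, and the "key" in the link can be one of Keycloak's own action tokens rather than a hand-made one. The following is an added example written for this edit; it is not Fabricio's code and not code from the Keycloak project. It assumes a Keycloak version from the era of the /auth prefix (roughly 4.x to 16.x), where session.users().getUserByUsername(username, realm) takes the username first (later releases swap the arguments), where ExecuteActionsActionToken has the five-argument constructor (userId, absoluteExpirationInSecs, requiredActions, redirectUri, clientId) used by the admin execute-actions-email call, and where the action token is consumed at realms/{realm}/login-actions/action-token?key=... (newer versions also expect a tab_id parameter). The package name, class names and the form field names are hypothetical.

```java
package org.example.keycloak.forgotpassword; // hypothetical package

import java.util.Collections;

import javax.ws.rs.Consumes;
import javax.ws.rs.FormParam;
import javax.ws.rs.POST;
import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.Response;
import javax.ws.rs.core.UriBuilder;

import org.jboss.logging.Logger;
import org.keycloak.Config;
import org.keycloak.authentication.actiontoken.execactions.ExecuteActionsActionToken;
import org.keycloak.common.util.Time;
import org.keycloak.email.EmailException;
import org.keycloak.email.EmailTemplateProvider;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.KeycloakSessionFactory;
import org.keycloak.models.RealmModel;
import org.keycloak.models.UserModel;
import org.keycloak.services.resource.RealmResourceProvider;
import org.keycloak.services.resource.RealmResourceProviderFactory;

/**
 * The provider id becomes the path segment, so this resource is served at
 * /auth/realms/{realm}/forgotten-password-email. Register the factory in
 * META-INF/services/org.keycloak.services.resource.RealmResourceProviderFactory.
 */
public class ForgotPasswordEmailProviderFactory implements RealmResourceProviderFactory {
    public static final String ID = "forgotten-password-email";

    @Override public RealmResourceProvider create(KeycloakSession session) { return new ForgotPasswordEmailProvider(session); }
    @Override public void init(Config.Scope config) { }
    @Override public void postInit(KeycloakSessionFactory factory) { }
    @Override public void close() { }
    @Override public String getId() { return ID; }
}

class ForgotPasswordEmailProvider implements RealmResourceProvider {
    private static final Logger LOG = Logger.getLogger(ForgotPasswordEmailProvider.class);
    private final KeycloakSession session;

    ForgotPasswordEmailProvider(KeycloakSession session) { this.session = session; }
    @Override public Object getResource() { return this; }
    @Override public void close() { }

    /** POST username=...&client_id=... (form fields are hypothetical names chosen for this example). */
    @POST
    @Consumes(MediaType.APPLICATION_FORM_URLENCODED)
    public Response sendResetEmail(@FormParam("username") String username, @FormParam("client_id") String clientId) {
        RealmModel realm = session.getContext().getRealm();
        if (username == null || username.isEmpty() || clientId == null || realm.getClientByClientId(clientId) == null) {
            return Response.status(Response.Status.BAD_REQUEST).build();
        }

        UserModel user = session.users().getUserByUsername(username, realm);
        if (user == null) {
            user = session.users().getUserByEmail(username, realm);
        }
        // Same response whether or not the account exists: this endpoint is unauthenticated,
        // so a distinguishable answer would let a caller enumerate usernames and e-mail addresses.
        if (user == null || !user.isEnabled() || user.getEmail() == null) {
            return Response.noContent().build();
        }

        // Let Keycloak mint the key: a signed, expiring action token carrying the UPDATE_PASSWORD
        // required action, the same mechanism the admin execute-actions-email call uses.
        int lifespanSecs = realm.getActionTokenGeneratedByUserLifespan();
        int absoluteExpiry = Time.currentTime() + lifespanSecs;
        ExecuteActionsActionToken token = new ExecuteActionsActionToken(
                user.getId(), absoluteExpiry,
                Collections.singletonList(UserModel.RequiredAction.UPDATE_PASSWORD.name()),
                null, clientId);

        // Assumption: the action-token endpoint path and its key/client_id parameters as in the versions named above.
        String link = UriBuilder.fromUri(session.getContext().getUri().getBaseUri())
                .path("realms/{realm}/login-actions/action-token")
                .queryParam("key", token.serialize(session, realm, session.getContext().getUri()))
                .queryParam("client_id", clientId)
                .build(realm.getName())
                .toString();

        try {
            session.getProvider(EmailTemplateProvider.class)
                    .setRealm(realm)
                    .setUser(user)
                    .sendExecuteActions(link, lifespanSecs / 60);
        } catch (EmailException e) {
            // Log server-side only; the client still gets 204 so a mail failure does not leak account state.
            LOG.error("Failed to send password reset e-mail", e);
        }
        return Response.noContent().build();
    }
}
```

Package the two classes as a jar with the services file and deploy it as a Keycloak provider; the Android client then posts the form to /auth/realms/{realm}/forgotten-password-email. Because the endpoint needs no authentication, put brute-force or rate limiting in front of it (at the proxy or inside the resource), otherwise anyone who knows a username can flood that user with reset mails. The token lifetime comes from the realm's "user-initiated action" lifespan setting, so it expires exactly like the link from the built-in forgot-password page.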