Hello Keycloak Mailinglist,
I'm struggling with getting user registrations that require email verification to
work in a native app context.
In my test setup I have a native (iOS) mobile app that includes OIDC authentication.
Normal login works perfectly: the Keycloak login form is opened in a webview, the user
logs in and is redirected back to an app link which the native app can handle, all good.
Things don't work that smoothly when a user wants to register within the webview.
Here's what happens to my understanding:
1. Webview is opened, Keycloak creates a new authSession where the redirectUri (from the
redirect_uri url query parameter) is stored.
2. User registers, verification email is sent.
3. User clicks on the email verification link, which opens in the system browser where the
authSession of the app's webview is obviously not present. The user is presented with
the confirmEmailAddressVerification page and clicks the proceedWithAction link.
4. Email is now verified. However, since the original authSession that was created in the
webview and that contained the redirectUri is not present in the system browser, the user
is now presented with a link to the baseUrl of the client instead of the app URL that was
originally passed as redirect_uri to the initial authorization request. I have tried to
configure the app URL as "Base URL" in the client, but this doesn't get
rendered in the view. Instead the "back to application" link points to
/auth/realms/REALMNAME/account
I think this whole problem is not specific to the native app use case: we would have the
same issue if the registration process is started in one browser and the email
verification link is opened in a different browser where the initial login authSession is
not present.
Has anyone ever gotten this to work, i.e. continuation of a registration flow in a new
browser session that is different from the session where the registration began?
Thanks
Christoph
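As an added example (written for this page, not taken from Christoph's post and not Keycloak's own code), here is a sketch of what a cross-session continuation needs at minimum: the verification link must carry the redirect target itself, signed and already validated against the client's registered redirect URIs, because the browser that opens the link has no authSession to look it up in. Everything in it is hypothetical: the signing key, the client's registered URIs, the token layout and the demo link are constructed for the example.

```python
"""Hypothetical action-token sketch (not Keycloak's implementation).

The verification link minted in the webview session embeds the redirect_uri
inside a signed, expiring, single-use token. Whatever browser opens the link
can then be sent back to the app without the original authSession cookie.
"""
import base64
import binascii
import hashlib
import hmac
import json
import secrets
import time

# Constructed demo values. A real server uses its realm signing key and the
# redirect URIs registered on the client, not module-level constants.
SIGNING_KEY = b"constructed-demo-key-do-not-reuse"
CLIENT_REDIRECT_URIS = {
    "myapp://oidc/callback",         # the native app's link
    "https://app.example/callback",  # a web client of the same realm
}
TOKEN_TTL_SECONDS = 15 * 60
FALLBACK_URL = "/auth/realms/REALMNAME/account"  # where the post says users land today
_used_token_ids: set = set()  # single-use bookkeeping; a server would persist this


def _b64url(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def _unb64url(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def _sign(body: bytes) -> bytes:
    return hmac.new(SIGNING_KEY, body, hashlib.sha256).digest()


def issue_verification_token(user_id: str, redirect_uri: str, now=None) -> str:
    """Runs in the session that still knows redirect_uri (the webview).

    The target is checked against the client's registered URIs before it is
    sealed into the token, so a later hop cannot inject an arbitrary one.
    """
    if redirect_uri not in CLIENT_REDIRECT_URIS:
        raise ValueError("redirect_uri is not registered for this client")
    issued = int(time.time() if now is None else now)
    claims = {
        "typ": "verify-email",
        "sub": user_id,
        "redirect_uri": redirect_uri,
        "iat": issued,
        "exp": issued + TOKEN_TTL_SECONDS,
        "jti": secrets.token_urlsafe(12),
    }
    body = json.dumps(claims, separators=(",", ":"), sort_keys=True).encode()
    return _b64url(body) + "." + _b64url(_sign(body))


def consume_verification_token(token: str, now=None) -> dict:
    """Runs in whichever browser opened the link; needs no session state.

    Returns the claims on success, raises ValueError on any failure. The
    signature is verified before the body is parsed as JSON.
    """
    try:
        body_b64, sig_b64 = token.split(".")
        body, sig = _unb64url(body_b64), _unb64url(sig_b64)
    except (ValueError, binascii.Error):
        raise ValueError("malformed token") from None
    if not hmac.compare_digest(_sign(body), sig):
        raise ValueError("bad signature")
    claims = json.loads(body)
    current = time.time() if now is None else now
    if claims.get("typ") != "verify-email":
        raise ValueError("wrong token type")
    if current >= claims["exp"]:
        raise ValueError("token expired")
    if claims["redirect_uri"] not in CLIENT_REDIRECT_URIS:
        raise ValueError("redirect_uri is no longer registered")
    if claims["jti"] in _used_token_ids:
        raise ValueError("token already used")
    _used_token_ids.add(claims["jti"])
    return claims


def back_to_application_url(token: str, now=None) -> str:
    """Target for the 'back to application' link after the click.

    Falls back to the account page (the behaviour described in the post)
    only when the token cannot be trusted; a valid token carries the app URL.
    """
    try:
        return consume_verification_token(token, now)["redirect_uri"]
    except ValueError:
        return FALLBACK_URL


if __name__ == "__main__":
    t0 = 1_700_000_000
    link_token = issue_verification_token("user-1", "myapp://oidc/callback", now=t0)
    print("link:", f"https://idp.example/verify?token={link_token}")  # constructed host
    print("first click  ->", back_to_application_url(link_token, now=t0 + 60))
    print("second click ->", back_to_application_url(link_token, now=t0 + 61))
```

The point of the design is that the redirect target is validated twice, once when it is sealed into the token (in the session that received it from the authorization request) and again when the token is consumed (in case the client's registered URIs changed in between), and that the token is short-lived and single-use so a leaked verification link cannot be replayed to bounce a later visitor to the app. Anything else the continuation needs (which user, which action) travels in the same signed body, which is why no session cookie is required in the second browser.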