We're using 1.2.0.Final, and we're running our tests on a separate realm as our master realm is reserved for admin tasks only. Not sure if the behavior changes from master to other realms.

In 1.2.0.Final version, both new and existing users have to verify their emails once the feature is turned on. Maybe it's broken in the newer version.

Stian, will the ticket created by you (KEYCLOAK-1696) capture the initial bug mentioned by me as well? Or do I have to report a separate ticket for that?

Thanks,

Lohitha.

On Fri, Jul 24, 2015 at 7:47 PM, Stian Thorgersen <stian@redhat.com> wrote:

The test only checks if new users have to verify email, not that existing users have to verify email. Added https://issues.jboss.org/browse/KEYCLOAK-1696

----- Original Message -----
> From: "Stian Thorgersen" <stian@redhat.com>
> To: "Bill Burke" <bburke@redhat.com>

> Cc: keycloak-user@lists.jboss.org
> Sent: Friday, 24 July, 2015 4:10:44 PM
> Subject: Re: [keycloak-user] Users able to retrieve a valid Access Token despite not verifying their email
>
> Was just looking at it and can't find anything that would check it, but
> RequiredActionEmailVerificationTest which is supposed to test it is passing
>
> ----- Original Message -----
> > From: "Bill Burke" <bburke@redhat.com>
> > To: "Stian Thorgersen" <stian@redhat.com>
> > Cc: keycloak-user@lists.jboss.org
> > Sent: Friday, 24 July, 2015 4:08:06 PM
> > Subject: Re: [keycloak-user] Users able to retrieve a valid Access Token
> > despite not verifying their email
> >
> >
> >
> > On 7/24/2015 9:59 AM, Stian Thorgersen wrote:
> > >
> > >
> > > ----- Original Message -----
> > >> From: "Bill Burke" <bburke@redhat.com>
> > >> To: keycloak-user@lists.jboss.org
> > >> Sent: Friday, 24 July, 2015 3:41:51 PM
> > >> Subject: Re: [keycloak-user] Users able to retrieve a valid Access Token
> > >> despite not verifying their email
> > >>
> > >> So, setting a verify email required action allows you to replicate the
> > >> problem?
> > >>
> > >> What version of Keycloak are you using? Just looking at the code from
> > >> 1.3 and master we don't allow the creation of a token if a required
> > >> action is active.
> > >
> > > The problem is that when a user logs in we check if verify email is
> > > required by the realm, if it is and user hasn't verified email we add the
> > > required action. We don't do this check in the direct grants api.
> > >
> >
> > This check might be gone entirely now.
> >
> > --
> > Bill Burke
> > JBoss, a division of Red Hat
> > http://bill.burkecentral.com
> >
> _______________________________________________
> keycloak-user mailing list
> keycloak-user@lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
>
_______________________________________________
keycloak-user mailing list
keycloak-user@lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user