send_email_through_keyclock

Differences

This shows you the differences between two versions of the page.

send_email_through_keyclock [2026/03/09 05:18] sonalisend_email_through_keyclock [2026/03/09 08:00] (current) sonali
Line 1: Line 1:
 + <font 16px/inherit;;inherit;;inherit>**Overview**</font>
 +
 +A system where users can log in using their **email Id /Username + Email OTP** instead of username/password, by Keycloak.
 +
 +**Make Email OTP Java SPI **
 +
 # Run this to find the Keycloak container: # Run this to find the Keycloak container:
  
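Review bot: the section title "Make Email OTP Java SPI" does not match what follows, since the steps download a prebuilt `email-otp-authenticator` JAR and drop it into the providers directory rather than building an SPI; rename it to something like "Install the Email OTP authenticator provider". Also, `<font 16px/inherit;;inherit;;inherit>**Overview**</font>` is raw font-plugin markup standing in for a heading; a DokuWiki heading such as `====== Overview ======` renders consistently and appears in the page's table of contents, and the trailing space inside `**Make Email OTP Java SPI **` should go.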
Line 20: Line 26:
 We need email-otp-authenticator JAR if it is not available We need email-otp-authenticator JAR if it is not available
  
-1. Download the email-otp-authenticator JAR+**1. Download the email-otp-authenticator JAR**
 <code> <code>
  
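Review bot: the download step "1. Download the email-otp-authenticator JAR" records no source URL, version or checksum in the visible lines, yet the JAR is later copied into `/opt/keycloak/providers/`, where it executes with the full privileges of the Keycloak server process. Add the release location, the version and the expected SHA-256 (or the signature to verify), and verify the file before the copy step, so anyone repeating this on another host can confirm they are loading the same artifact.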
Line 27: Line 33:
 </code> </code>
  
-2. Copy into the running container +**2. Copy into the running container**
 <code> <code>
 docker cp email-otp-authenticator.jar keycloak_app:/opt/keycloak/providers/ docker cp email-otp-authenticator.jar keycloak_app:/opt/keycloak/providers/
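Review bot: `docker cp email-otp-authenticator.jar keycloak_app:/opt/keycloak/providers/` only writes to that container's writable layer, so the provider is lost as soon as the container is recreated (for example by `docker compose up` after an image update) and logins will silently fall back to the default flow. State that `/opt/keycloak/providers/` must be a bind mount or named volume, or that the JAR should be baked into a custom image, for this change to survive redeployment.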
Line 34: Line 39:
 </code> </code>
  
-3. Run build inside the container (registers the provider)+**3. Run build inside the container (registers the provider)** 
 +<code> 
 +# Verify it's there 
 +docker exec keycloak_app ls /opt/keycloak/providers/
  
-<code>docker exec keycloak_app /opt/keycloak/bin/kc.sh build 
 </code> </code>
 +
 +<code>
 +docker exec keycloak_app /opt/keycloak/bin/kc.sh build
 +
 +</code>
 +
 +**4. Restart the container**
 +<code>
 +docker restart keycloak_app
 +
 +</code>
 +
 +# Now let's set up the Email OTP flow. Go to Keycloak Admin Console at [[https://64.227.190.56/|https://64.227.190.56/]]:
 +
 +**1. First configure SMTP (if not already done)**
 +
 +Realm Settings → Email
 +
 +Host: smtp.gmail.com,
 +
 +Port: 587
 +
 +From: from email id
 +
 +Username: your username,
 +
 +Password: your app
 +
 +password Enable StartTLS → Save → Test connection
 +
 +**2. Create Email OTP Authentication Flow**
 +<code>
 +
 +Go to Authentication → Flows → Create flow Name: Browser Email OTP
 +→ Save Add step → Username Password Form → Required Add step →
 +Email OTP → Required
 +
 +</code>
 +
 +**3. Bind the flow**
 +
 +Client → account → Advance Override realm authentication flow bindings. →Browser Flow → Browser email otp
 +
 +**Customize email content**
 +<code>
 +python3 -c "import zipfile; [print(f) for f in zipfile.ZipFile('email-otp-authenticator.jar').namelist()]"
 +
 +</code>
 +
 +# check current email template
 +
 +<code>
 +python3 -c "
 +import zipfile
 +with zipfile.ZipFile('email-otp-authenticator.jar') as z:
 +    print(z.read('theme-resources/messages/messages_en.properties').decode())
 +"
 +
 +</code>
 +
 +# To customize the email text, create a custom Keycloak theme. Run these commands on the droplet:
 +
 +Step 1: Create theme directory \structure
 +
 +<code>
 +docker exec keycloak_app mkdir -p /opt/keycloak/themes/cotrav/email/messages
 +
 +</code>
 +
 +Step 2: Create theme.\properties
 +
 +<code>
 +docker exec keycloak_app sh -c 'cat> /opt/keycloak/themes/cotrav/email/theme.properties <<\EOF
 +parent=\base
 +EOF'
 +
 +</code>
 +
 +Step 3: Create custom messages (edit the text as you like)
 +
 +<code>
 +docker exec keycloak_app sh -c 'cat> /opt/keycloak/themes/cotrav/email/messages/messages_en.properties <<\EOF
 +emailOtpSubject=Your Cotrav OTP \Code
 +emailOtpYourAccessCode=Your one-time login code is:
 +emailOtpExpiration=This code will expire in {0} minutes. Do not share it with anyone.
 +EOF'
 +
 +</code>
 +
 +Step 4: Set realm to use this \theme
 +
 +<code>
 +TOKEN=$(curl -s -X POST http://64.227.190.56:8080/realms/master/protocol/openid-connect/token
 +-d "client_id=admin-cli&grant_type=password&username=superadmin_username&password=superadminpassword"
 +| grep -o '"access_token":"[^"]*' | cut -d'"' -f4)
 +
 +curl -s -X PUT http://64.227.190.56:8080/admin/realms/master \
 +-H "Authorization: Bearer $TOKEN" \
 +-H "Content-Type: application/json" \
 +-d '{"emailTheme":"cotrav"}'
 +
 +</code>
 +
 +Then test by logging in again — you should see your custom text in the OTP email.
 +
 +# Invalid otp issue\\
 +The OTP field name sent by our server might not match what the extension expects. Let me check:
 +<code>
 +
 +python3 -c "\
 +import zipfile\
 +with zipfile.ZipFile('email-otp-authenticator.jar') as z:\
 +  print(z.read('theme-resources/templates/login-email-otp.ftl').decode())\
 +"
 +
 +</code>
 +
 +**# Browser email otp Flow order should be** \\
 +Username Form → Required (first)\\
 +Email OTP Form → Required (second)
 +
 +**# Dont do this**
 +
 +- No required user action available in user details\\
 +- Set Email & password
  
  
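Review bot: the flow definition is self-contradictory. "2. Create Email OTP Authentication Flow" adds `Username Password Form → Required` before `Email OTP → Required`, which still forces a password and contradicts both the Overview ("instead of username/password") and the later section "Browser email otp Flow order should be", which correctly lists `Username Form → Required (first)`; fix step 2 to use Username Form, and use one spelling of the flow name (`Browser Email OTP` vs `Browser email otp`) so the binding step is unambiguous. Note also that binding under `Client → account → Advanced → Override realm authentication flow bindings` only affects the `account` client; every other client keeps the realm's default browser flow, which should be said explicitly.

Second, in "Step 4: Set realm to use this theme" the admin token request posts the superadmin password to `http://64.227.190.56:8080/...` in clear text, while the admin console is reached over `https://64.227.190.56/`; use the HTTPS endpoint for the token request too. As written the command also cannot run: the three lines of `TOKEN=$(curl -s -X POST ... token` / `-d "..."` / `| grep ...` have no `\` continuations, so the shell executes `curl` without its body and then fails on `-d` and the leading `|`; add the continuations as the second `curl` already does, and replace `grep -o '"access_token":"[^"]*' | cut -d'"' -f4` with `jq -r .access_token`, which does not break on field ordering.

Third, the stray backslashes in `\structure`, `theme.\properties`, `parent=\base`, `OTP \Code` and `\theme` look like paste artifacts; inside the `<<\EOF` heredocs they are written literally into `theme.properties` and `messages_en.properties`, so remove them rather than relying on the properties parser tolerating them. The `python3 -c "\` block under "Invalid otp issue" is likewise broken: backslash-newline inside double quotes is stripped by the shell, so `import zipfile\` and the next line are joined into one invalid statement; the earlier block without backslashes is the working form. Finally, "Let me check:" reads like pasted assistant output and the "Dont do this" list ("No required user action available in user details", "Set Email & password") is too terse to act on; state what was found about the OTP field name and what the two bullets are warning against.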
send_email_through_keyclock.1773033492.txt.gz · Last modified: by sonali