Differences

This shows you the differences between two versions of the page.

--- send_email_through_keyclock [2026/03/09 05:23] – sonali
+++ send_email_through_keyclock [2026/03/09 08:00] (current) – sonali
@@ Line 1: / Line 1: @@
+ <font 16px/inherit;;inherit;;inherit>**Overview**</font>
+A system where users can log in using their **email Id /Username + Email OTP** instead of username/password, by Keycloak.
+**Make Email OTP Java SPI **
 # Run this to find the Keycloak container:
@@ Line 20: / Line 26: @@
 We need email-otp-authenticator JAR if it is not available
-. Download the email-otp-authenticator JAR
+**1. Download the email-otp-authenticator JAR**
 <code>
@@ Line 27: / Line 33: @@
 </code>
-. Copy into the running container
+**2. Copy into the running container**
 <code>
 docker cp email-otp-authenticator.jar keycloak_app:/opt/keycloak/providers/
@@ Line 34: / Line 39: @@
 </code>
-. Run build inside the container (registers the provider)
+**3. Run build inside the container (registers the provider)**
+<code>
+# Verify it's there
+docker exec keycloak_app ls /opt/keycloak/providers/
+</code>
 <code>
@@ Line 41: / Line 51: @@
 </code>
-. Restart the container
+**4. Restart the container**
 <code>
 docker restart keycloak_app
@@ Line 48: / Line 57: @@
 </code>
-# Now let's set up the Email OTP flow. Go to Keycloak Admin Console at https://64.227.190.56/:
+# Now let's set up the Email OTP flow. Go to Keycloak Admin Console at [[https://64.227.190.56/|https://64.227.190.56/]]:
-. First configure SMTP (if not already done)
+**1. First configure SMTP (if not already done)**
-Realm Settings → \Email
+Realm Settings → Email
-Host: smtp.gmail.com, Port: \587
-From: from email \id
-Username: your username, Password: your app \password
-Enable StartTLS → Save → Test connection
-. Create Email OTP Authentication \Flow
+Host: smtp.gmail.com,
-Go to Authentication → Flows → Create \flow
-Name: Browser Email OTP → \Save
-Add step → Username Password Form → \Required
-Add step → Email OTP → Required
-. Bind the \flow
+Port: 587
-Client -> account -> Advance Override realm authentication flow bindings. ->Browser Flow -> Browser email otp
-Customize email \content
+From: from email id
+Username: your username,
+Password: your app
+password Enable StartTLS → Save → Test connection
+**2. Create Email OTP Authentication Flow**
+<code>
+Go to Authentication → Flows → Create flow Name: Browser Email OTP
+→ Save Add step → Username Password Form → Required Add step →
+Email OTP → Required
+</code>
+**3. Bind the flow**
+Client → account → Advance Override realm authentication flow bindings. →Browser Flow → Browser email otp
+**Customize email content**
+<code>
 python3 -c "import zipfile; [print(f) for f in zipfile.ZipFile('email-otp-authenticator.jar').namelist()]"
-# check current email template
+</code>
+# check current email template
+<code>
 python3 -c "
-import \zipfile
+import zipfile
 with zipfile.ZipFile('email-otp-authenticator.jar') as z:
-  print(z.read('theme-resources/messages/messages_en.properties').decode())
+    print(z.read('theme-resources/messages/messages_en.properties').decode())
 "
+</code>
 # To customize the email text, create a custom Keycloak theme. Run these commands on the droplet:
 Step 1: Create theme directory \structure
-<code>docker exec keycloak_app mkdir -p /opt/keycloak/themes/cotrav/email/messages
+<code>
+docker exec keycloak_app mkdir -p /opt/keycloak/themes/cotrav/email/messages
 </code>
 Step 2: Create theme.\properties
-<code>docker exec keycloak_app sh -c 'cat > /opt/keycloak/themes/cotrav/email/theme.properties << \EOF
+<code>
+docker exec keycloak_app sh -c 'cat> /opt/keycloak/themes/cotrav/email/theme.properties <<\EOF
 parent=\base
 EOF'
 </code>
 Step 3: Create custom messages (edit the text as you like)
-<code>docker exec keycloak_app sh -c 'cat > /opt/keycloak/themes/cotrav/email/messages/messages_en.properties << \EOF
+<code>
+docker exec keycloak_app sh -c 'cat> /opt/keycloak/themes/cotrav/email/messages/messages_en.properties <<\EOF
 emailOtpSubject=Your Cotrav OTP \Code
 emailOtpYourAccessCode=Your one-time login code is:
 emailOtpExpiration=This code will expire in {0} minutes. Do not share it with anyone.
 EOF'
 </code>
 Step 4: Set realm to use this \theme
-<code>TOKEN=$(curl -s -X POST http://64.227.190.56:8080/realms/master/protocol/openid-connect/token
--d "client_id=admin-cli&grant_type=password&username=super.admin&password=SuperAdmin@26"
+<code>
+TOKEN=$(curl -s -X POST http://64.227.190.56:8080/realms/master/protocol/openid-connect/token
+-d "client_id=admin-cli&grant_type=password&username=superadmin_username&password=superadminpassword"
 | grep -o '"access_token":"[^"]*' | cut -d'"' -f4)
-curl -s -X PUT http://64.227.190.56:8080/admin/realms/master \\\
+curl -s -X PUT http://64.227.190.56:8080/admin/realms/master \
--H "Authorization: Bearer $TOKEN" \\\
+-H "Authorization: Bearer $TOKEN" \
--H "Content-Type: application/json" \\\
+-H "Content-Type: application/json" \
 -d '{"emailTheme":"cotrav"}'
 </code>
 Then test by logging in again — you should see your custom text in the OTP email.
+# Invalid otp issue\\
+The OTP field name sent by our server might not match what the extension expects. Let me check:
+<code>
+python3 -c "\
+import zipfile\
+with zipfile.ZipFile('email-otp-authenticator.jar') as z:\
+  print(z.read('theme-resources/templates/login-email-otp.ftl').decode())\
+"
+</code>
+**# Browser email otp Flow order should be** \\
+Username Form → Required (first)\\
+Email OTP Form → Required (second)
+**# Dont do this**
+- No required user action available in user details\\
+- Set Email & password