wiki

User Tools

Site Tools

Trace: send_email_through_keyclock
send_email_through_keyclock

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision		Previous revision
send_email_through_keyclock [2026/03/09 05:26] sonalisend_email_through_keyclock [2026/03/09 08:00] (current) sonali
Line 1: Line 1:
 + <font 16px/inherit;;inherit;;inherit>**Overview**</font>
 +
 +A system where users can log in using their **email Id /Username + Email OTP** instead of username/password, by Keycloak.
 +
 +**Make Email OTP Java SPI **
 +
 # Run this to find the Keycloak container: # Run this to find the Keycloak container:
  
Line 20: Line 26:
 We need email-otp-authenticator JAR if it is not available We need email-otp-authenticator JAR if it is not available
  
-1. Download the email-otp-authenticator JAR+**1. Download the email-otp-authenticator JAR**
 <code> <code>
  
Line 27: Line 33:
 </code> </code>
  
-2. Copy into the running container +**2. Copy into the running container**
 <code> <code>
 docker cp email-otp-authenticator.jar keycloak_app:/opt/keycloak/providers/ docker cp email-otp-authenticator.jar keycloak_app:/opt/keycloak/providers/
Line 34: Line 39:
 </code> </code>
  
-3. Run build inside the container (registers the provider)+**3. Run build inside the container (registers the provider)** 
 +<code> 
 +# Verify it's there 
 +docker exec keycloak_app ls /opt/keycloak/providers/ 
 + 
 +</code>
  
 <code> <code>
Line 41: Line 51:
 </code> </code>
  
-4. Restart the container +**4. Restart the container**
 <code> <code>
 docker restart keycloak_app docker restart keycloak_app
Line 50: Line 59:
 # Now let's set up the Email OTP flow. Go to Keycloak Admin Console at [[https://64.227.190.56/|https://64.227.190.56/]]: # Now let's set up the Email OTP flow. Go to Keycloak Admin Console at [[https://64.227.190.56/|https://64.227.190.56/]]:
  
-1. First configure SMTP (if not already done)+**1. First configure SMTP (if not already done)**
  
-Realm Settings → \Email Host: smtp.gmail.com, Port: \587 From: from email \id Username: your username, Password: your app \password Enable StartTLS → Save → Test connection+Realm Settings → Email
  
-2. Create Email OTP Authentication \Flow Go to Authentication → Flows → Create \flow NameBrowser Email OTP → \Save Add step → Username Password Form → \Required Add step → Email OTP → Required+Hostsmtp.gmail.com,
  
-3. Bind the \flow Client → account → Advance Override realm authentication flow bindings. →Browser Flow → Browser email otp+Port: 587
  
-Customize email \content python3 -c "import zipfile; [print(f) for f in zipfile.ZipFile('email-otp-authenticator.jar').namelist()]"+From: from email id
  
-# check current email template python3 -c " import \zipfile with zipfile.ZipFile('email-otp-authenticator.jar') as z:+Usernameyour username, 
 + 
 +Password: your app 
 + 
 +password Enable StartTLS → Save → Test connection 
 + 
 +**2. Create Email OTP Authentication Flow**
 <code> <code>
  
-print(z.read('theme-resources/messages/messages_en.properties').decode())+Go to Authentication → Flows → Create flow Name: Browser Email OTP 
 +→ Save Add step → Username Password Form → Required Add step → 
 +Email OTP → Required
  
 </code> </code>
  
 +**3. Bind the flow**
 +
 +Client → account → Advance Override realm authentication flow bindings. →Browser Flow → Browser email otp
 +
 +**Customize email content**
 +<code>
 +python3 -c "import zipfile; [print(f) for f in zipfile.ZipFile('email-otp-authenticator.jar').namelist()]"
 +
 +</code>
 +
 +# check current email template
 +
 +<code>
 +python3 -c "
 +import zipfile
 +with zipfile.ZipFile('email-otp-authenticator.jar') as z:
 +    print(z.read('theme-resources/messages/messages_en.properties').decode())
 " "
 +
 +</code>
  
 # To customize the email text, create a custom Keycloak theme. Run these commands on the droplet: # To customize the email text, create a custom Keycloak theme. Run these commands on the droplet:
Line 115: Line 151:
  
 # Invalid otp issue\\ # Invalid otp issue\\
-The OTP field name sent by our server might not match what the extension expects. Let me check:\\+The OTP field name sent by our server might not match what the extension expects. Let me check:
 <code> <code>
-python3 -c "\+ 
-import zipfile\+python3 -c "\ 
-with zipfile.ZipFile('email-otp-authenticator.jar') as z:\+import zipfile\ 
-  print(z.read('theme-resources/templates/login-email-otp.ftl').decode())\\+with zipfile.ZipFile('email-otp-authenticator.jar') as z:\ 
 +  print(z.read('theme-resources/templates/login-email-otp.ftl').decode())\
 " "
 +
 </code> </code>
  
-Browser email otp Flow order should be \\ +**# Browser email otp Flow order should be** \\ 
-Username Form     → Required   (first)\\ +Username Form → Required (first)\\ 
-Email OTP Form    → Required   (second)+Email OTP Form → Required (second)
  
-Dont do this+**# Dont do this**
  
 - No required user action available in user details\\ - No required user action available in user details\\
send_email_through_keyclock.1773033980.txt.gz · Last modified: by sonali