Federated Users - Trigger Password Reset Email in Custom SPI

[Kalyan Dasika]

Hi All:

We implemented a keycloak SPI to perform lookups/updates on an external user database.  

One of the features we wanted to implement is to trigger an email when users reach a certain number of login attempts. This is something we did in pre-keycloak version of our application and attempting to implement this feature. 

The guidance is to use the execute-actions-email admin REST end point by supplying the "UPDATE_PASSWORD" required action along with other inputs. But I consistently get a 403 response. 

I was looking around if in the custom SPI there is a way to use the Keycloak Java  API instead. I found an implementation of the executeActionsEmail method in UserResource. But this needs some additional initializations (mostly admin privileges I think). I'm stuck here as well.

I'm looking for any working example(s) that would help me understand how to implement this use case. Postman, Java API any thing would be highly appreciated.

Thank you,

Kalyan

 

[Sven-Torben Janus]

Hey Kalyan,

with the Java API you may want to create an ExecuteActionsActionToken and use the EmailTemplateProvider to send the email.

Check the UserResource for an example.

Regards

Sven-Torben