Replies: 1 comment 2 replies
-
It seems that the bug was introduced in #25711 . What's your suggestion for making it work in that case? |
Beta Was this translation helpful? Give feedback.
2 replies
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
-
Hello there,
I want to migrate from Keycloak 23.0.6 to 24.0.3, and ran into an issue with idp-account-linking.
The following scenario:
I register in Keycloak 24.0.3, and verify my email.
Now I want to additionally link this account to Google as identity-provider, and start the linking process. I receive an email with a link to confirm.
I have two scenarios now:
if I open the link of the email in the same browser which was used to start the linking-process, everything works fine: the original auth-session is found, and there is a required-action "VERIFY_EMAIL" in the auth-session which is used to pass the new validation in IdpEmailVerificationAuthenticator:84 (
if (user.isEmailVerified() && !isVerifyEmailActionSet(user, authSession)) {
I open the link in a second browser which does not share the original session, and the following occurs:
the original auth-session is not found in LoginActionsService#handleActionToken; thus, the required-action "VERIFY_EMAIL" is not found, validation in IdpEmailVerificationAuthenticator:84 kicks in, and I am forwarded to the info-page with the message "Your email address has been verified already."
Thanks in advance for any insight for making it work like in KC 23.0.6 ( i.e. account-linking works in any scenario ).
Beta Was this translation helpful? Give feedback.
All reactions