Keycloak - auto login after password reset


Currently have Keycloak setup successfully working with a frontend app (react) and backend (django) with 2 clients. One for the backend with confidential access type and the second one for the front end auth with public access type.

Trying to complete a feature where we can trigger a password reset email for a user (from the frontend admin side of things) and was able to get the following to work using the following PUT call as per the documentation here:

https://auth.domain.com/auth/admin/realms/realm-dev/users/c78263n-f7gb-47c4-a7450-9092ae08efed/execute-actions-email?redirect_uri=http%3A%2F%2Flocalhost%3A3000%2F&client_id=app-front&lifespan=259200

with the payload of: ["VERIFY_EMAIL","UPDATE_PASSWORD"]

The user then receives an email with a link to perform said actions.

So far so good.

The issue is: once the user has completed updating their password on Keycloak and clicks "go back to app", they have to log in again. Is there a way to auto login the user after setting their password via this workflow?

I've tried the following on the react side but that didn't help and created a slight redirect loop until settling on the login form again:

import Keycloak from 'keycloak-js';

const keycloak = Keycloak(process.env.REACT_APP_KEYCLOAK_JSON);

keycloak.init({
  onLoad: 'check-sso',
  silentCheckSsoRedirectUri: `${window.location.origin}/silent-check-sso.html`,
  pkceMethod: 'S256',
});

export default keycloak;

Would appreciate any help with completing the implementation of this.

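The admin-API call from the question, as an added example (not code from the original post) written for a Python backend such as the Django one described: it obtains a service-account token for the confidential client with the client-credentials grant and then issues the same PUT. The client id app-back, its secret and the transport function are assumptions; the endpoints, query parameters and payload are the ones shown in the question.

```python
import json
from urllib import request
from urllib.parse import urlencode

# Values from the question; the confidential client's id and secret are assumptions.
KEYCLOAK_BASE = "https://auth.domain.com/auth"
REALM = "realm-dev"
ACTIONS = ["VERIFY_EMAIL", "UPDATE_PASSWORD"]
ADMIN_CLIENT_ID = "app-back"             # assumed name of the confidential client
ADMIN_CLIENT_SECRET = "<client-secret>"  # placeholder, keep it server-side only


def actions_email_url(user_id, redirect_uri, client_id, lifespan, base=KEYCLOAK_BASE, realm=REALM):
    """Build the execute-actions-email admin URL; lifespan is the link validity in seconds."""
    query = urlencode({"redirect_uri": redirect_uri, "client_id": client_id, "lifespan": lifespan})
    return f"{base}/admin/realms/{realm}/users/{user_id}/execute-actions-email?{query}"


def urllib_transport(method, url, headers, body):
    """Real HTTP transport: returns (status, response bytes); urlopen raises on 4xx/5xx."""
    req = request.Request(url, data=body, headers=headers, method=method)
    with request.urlopen(req) as resp:
        return resp.status, resp.read()


def service_account_token(transport, client_id, client_secret, base=KEYCLOAK_BASE, realm=REALM):
    """Client-credentials grant for the confidential client's service account.
    That service account needs the realm-management 'manage-users' role for the PUT below."""
    form = urlencode({"grant_type": "client_credentials",
                      "client_id": client_id, "client_secret": client_secret}).encode()
    status, body = transport("POST", f"{base}/realms/{realm}/protocol/openid-connect/token",
                             {"Content-Type": "application/x-www-form-urlencoded"}, form)
    if status != 200:
        raise RuntimeError(f"token request failed with HTTP {status}")
    return json.loads(body)["access_token"]


def send_actions_email(transport, token, url, actions=ACTIONS):
    """PUT the required-actions list; Keycloak answers 204 No Content on success.
    A 400 usually means redirect_uri is not among the client's Valid Redirect URIs."""
    status, _ = transport("PUT", url, {"Authorization": f"Bearer {token}",
                                       "Content-Type": "application/json"},
                          json.dumps(actions).encode())
    return status == 204


if __name__ == "__main__":
    tok = service_account_token(urllib_transport, ADMIN_CLIENT_ID, ADMIN_CLIENT_SECRET)
    url = actions_email_url("c78263n-f7gb-47c4-a7450-9092ae08efed",
                            "http://localhost:3000/", "app-front", 259200)
    print("sent" if send_actions_email(urllib_transport, tok, url) else "failed")
```

The transport argument lets the two calls be exercised against a fake in unit tests, while the token and PUT go out over the real client only from the backend, never from the public React client.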
On BEST ANSWER

Found this in the Keycloak community forum "It looks like the AbstractActionTokenHandler sets a note that the session should be terminated after required actions are executed" and a suggested solution here as well: https://keycloak.discourse.group/t/logging-a-user-in-directly-from-an-actiontoken/12506/7