Keycloak Send Email after successfull password reset
Keycloak provides "Forgot Password" functionality out of the box. This is working perfectly fine. On clicking this, I enter email and a link is sent to my email. On clicking the link I can reset my password.
My question is, Is it possible to make Keycloak send an email after successfull password reset?
Thanks to some of the hints from Fabrice. I wrote a event listener do achieve this.
In the listener I filtered for event type UPDATE_PASSWORD and sent email myself. Something like this
public class ResetPasswordEventListenerProvider implements EventListenerProvider {
public ResetPasswordEventListenerProvider() {
}
@Override
public void onEvent(Event event) {
if(event.getType() == EventType.UPDATE_PASSWORD){
//Send email.
}
}
These are some of the articles I referred
https://dev.to/adwaitthattey/building-an-event-listener-spi-plugin-for-keycloak-2044
If you do not use any external dependency in your code, then packaging your code as jar and deploying is enough as indicated in the above article. But if you have any external dependency in your code, then it is very difficult to include those in the resulting jar. For example in my case once I catch the event, I send the details to a Jms Queue(which will be picked by other service to send email). So I needed Jms related dependencies in the pom. This was not straightforward.
Hence I packaged the code as ear and deployed. The deployment process is similar to jar. But packaging is a bit different. It is shown clearly in this project
https://github.com/thomasdarimont/keycloak-user-storage-provider-demo
Yes, this is possible if you provide a customized copy of the "Reset credentials" authentication flow.
See documentation on how to cutomize a flow https://www.keycloak.org/docs/latest/server_development/index.html#_auth_spi
I guess you'll have to add a custom authenticator (e.g. "Send Reset Confirmation Email") after the "Reset Password" authenticator. For the implementation of this custom authenticator, you'll only need to send the confirmation email in the authenticate() method. You can look at keycloak built-in authenticators such as https://github.com/keycloak/keycloak/blob/master/services/src/main/java/org/keycloak/authentication/authenticators/resetcred/ResetCredentialEmail.java.
Regards,