Email OTP required action

[xgp]

Using the "Verify Email" realm setting, so when the user first logs in they receive an email with a link to verify. This works fine if they open the link in the same browser session that they logged in with, but if they happen to use a different browser session (this scenario is common on mobile), then they end up getting stuck in the auth flow.

Create an Email OTP required action as an alternative to Verify Email that also verifies email after a successful code entry.

[nickbabkin]

Hi @xgp we're also facing the same issue on mobile.
I assume this requires updating the browser flow (README in the repo) rather than extension code, right?

[xgp]

Hi @nickbabkin This ticket is for either updating the EmailOtpAuthenticator to set the email to verified on a successful code entry OR creating a EmailOtpRequiredAction that would do an email verification as an alternative to the VerifyEmail required action. We haven't written it yet.

Can you describe/show the specific scenario you're encountering? It would be useful to see a setup that is encountering this.

[nickbabkin]

Hi @xgp thanks for coming back here. We're trying to simplify email registration flow in our mobile apps (currently when user clicks on verify email link on mobile, he gets redirected to auth flow again because cookies aren't there, which is bad UX). So we considered this plugin as one of the options for mobile apps specifically.

The way we see ideal flow is:
User clicks on "register with magic link" -> enters his email -> gets magic link to his email -> upon clicking on it, gets automatically logged in and his email verified (as having link is enough proof that user has ownership of the email)

But if email is not verified automatically upon clicking on magic link and user gets redirected to auth flow instead, it doesn't really make UX better.

PS Wasn't it fixed in this PR earlier? #38

[xgp]

@rtufisi can you look at this?

[rtufisi]

Hei @nickbabkin . Check the latest version of our image quay.io/phasetwo/phasetwo-keycloak:26.2.5 and the behaviour you are expecting is working. Did you use this image, or just the keycloak-magic-link extension ? If so, can you check that you have the latest version https://central.sonatype.com/artifact/io.phasetwo.keycloak/keycloak-magic-link/versions