From 3a7b13cf458d2b5e1c256eb12e31abdaff5c8a91 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?R=C3=A9da=20Housni=20Alaoui?= Date: Mon, 9 May 2022 18:51:26 +0200 Subject: [PATCH] KEYCLOAK-6455 Ability to require email to be verified before changing (#1511) Closes #1520 --- server_admin/topics/admin-console.adoc | 1 + .../login-settings/update-email-workflow.adoc | 30 +++++++++++++++++++ server_installation/topics/profiles.adoc | 5 ++++ 3 files changed, 36 insertions(+) create mode 100644 server_admin/topics/login-settings/update-email-workflow.adoc diff --git a/server_admin/topics/admin-console.adoc b/server_admin/topics/admin-console.adoc index 42e5ae5e2a..5647955416 100644 --- a/server_admin/topics/admin-console.adoc +++ b/server_admin/topics/admin-console.adoc @@ -14,4 +14,5 @@ include::login-settings.adoc[leveloffset=2] include::login-settings/forgot-password.adoc[leveloffset=2] include::login-settings/remember-me.adoc[leveloffset=2] include::login-settings/acr-to-loa-mapping.adoc[leveloffset=2] +include::login-settings/update-email-workflow.adoc[leveloffset=2] include::realms/keys.adoc[] diff --git a/server_admin/topics/login-settings/update-email-workflow.adoc b/server_admin/topics/login-settings/update-email-workflow.adoc new file mode 100644 index 0000000000..bb154becea --- /dev/null +++ b/server_admin/topics/login-settings/update-email-workflow.adoc @@ -0,0 +1,30 @@ +[[_update-email-workflow]] + +=== Update Email Workflow (UpdateEmail) + +With this workflow, users will have to use an UPDATE_EMAIL action to change their own email address. + +The action is associated with a single email input form. If the realm has email verification disabled, this action will allow to update the email without verification. If the realm has email verification enabled, the action will send an email update action token to the new email address without changing the account email. Only the action token triggering will complete the email update. + +Applications are able to send their users to the email update form by leveraging UPDATE_EMAIL as an AIA (Application Initiated Action). + +ifeval::[{project_product}==true] +:tech_feature_name: UpdateEmail +:tech_feature_setting: -Dkeycloak.profile.feature.update_email=enabled +:tech_feature_id: update-email +include::../templates/techpreview.adoc[] +endif::[] + +ifeval::[{project_community}==true] + +[IMPORTANT] +==== +Please note that Update Email Workflow support is in development. Use this feature experimentally. +==== + +endif::[] + +[NOTE] +==== +If you enable this feature and you are migrating from a previous version, enable the *Update Email* required action in your realms. Otherwise, users cannot update their email addresses. +==== diff --git a/server_installation/topics/profiles.adoc b/server_installation/topics/profiles.adoc index eedd3678e9..2f2b13d8b3 100644 --- a/server_installation/topics/profiles.adoc +++ b/server_installation/topics/profiles.adoc @@ -99,6 +99,11 @@ The features that can be enabled and disabled are: |Yes |Supported +|update_email +|Update Email Workflow +|No +|Preview + |=== To enable all preview features start the server with: