Finde ich ganz toll welche Mühe Du Dir gibst. Toll solche Menschen.

Thank you for making these videos on keycloak, it helped me a lot. I was struggling with the "addRequiredAction" and I didn't know that the method addRequiredAction(string) took the ID as an argument. I wish I had known about your channel before. And by the way, your explanations are great. I hope you will continue to provide keycloak related guides as there are not many of them, if you have the time. Thank you again !

thanks for this very useful demo

Thank you, that really helpful :)

thank you Niko

Hello dasniko, I did exaclty like you. But i don't know why I got error "Template not found". Help me pls.

How do I add a required action in the latest versions? I implemented the source but I can't find the button to add a new required action.

Hi Niko: This is some what related to a custom Required Action sequence. We have a requirement to display a consent screen to review the client scopes being requested by a 3rd party application that is registered within keycloak (as a separate client). Our main portal application that is developed by us (separate client within the same realm) does not require this consent. It's only when a 3rd party application request is being processed (irrespective of the state of authenticated session, even if authenticated) that we need to display this consent form with client scopes. Work done so far: I created a new browser flow and assigned it to the 3r party app. I also implemented a custom authenticator where I'm processing the state of requested client scopes in order to display them in the UI as checkboxes. (checkboxes are needed because we have a requirement that a user can de-select from a list of client scopes being requested by the 3rd party application). During the initial authentication from the 3rd party application, it works great and an authentication session is created. But within the same authentication session, when a new request is processed, I do not see this consent screen. My question is.. what should I do to allow this consent form to show all the time even within the same authenticated session? Should it be a required action? If so, can I enable a required action for a specific client?

Thank you! Please I have just 1 confusion and doubt tho if you have a second: Your github contains a parent pom adding this particular provider factory application as a module. Do we need this parent pom for this RequiredActionFactory to work ? Or can we use the pom.xml of this particular project as a standalone? I tried using the standalone pom.xml in a Spring boot project instead of a standard maven project, and on keycloak startup i get warning about missing Jakarta classes in Quarkus I was also wondering on the same token what the use of your "keycloak-spi-bom" is in the parent pom.xml here, just because a lot of the same keycloak dependencies appear to be in the individual applications (such as our required actions application here)

Hi Niko, thanks for the video and valuable explanations. In the video you are suggesting to "register" the newly created required action within the authentication menu. I am experimenting with keycloak v.22 and the administration pages have changed in design and functionality. On the admin page for Authentication, within the tab "required actions", there are some predefined required actions, but no "register" button. I did not package my extension yet and did not upload and build it into my keycloak application. Is this the reason, why it doesnt show the "register" button or is the registration process implicitly activated in the new KC22?

Thanks for the video. I have created my own custom required action for Updating the password and it works great But what I am trying to achieve is slightly different and havn't been successful yet. I want to call my custom action when trying to Update password from account management console - 'signing in' option..If you could share your thoughts on how to achieve that it will be really helpful.

Hi Niko. Nice video, appreciate it. Though I have a question. What is the difference between using required actions and authenticators? I have a requirement to implement custom consent page after successful authentication. which one to use?

hello niko : ) I have a question. When the password expires after logging in, will a function to change it next time be provided instead of updating the password? let me know if there is any possible way

Hi Niko, first thanks for the great video ! I have a question, is it possible to implement a custom Required Action ( an SPI ) in nodeJS ? or we need to use Java to do it ? using keycloak 19.0.1 ?

I’m sorry but I would like to create an Authenticator for the registration flow, is that possible?

Sir How can I add the resources in the keycloak user token payload? I have created the resources, scopes, policies and permissions in the keycloak now i want to add the resources according to the user roles in the user token. please ans

Hi Niko, Hope you are fine Many thanks for your efforts in clarification of keycloak (adding functionalities & features) which are not that available online. I am using your phone number required action repository with keycloak on a docker container but there's a problem (We're sorry - internal server error)unknown method getHttpRequest() in logs - I tried : 1) copy jar files instead of persisting volume 2) rebuild using a tool rather than Netbeans 3) changing permissions of jar files 4) change image jboss/keycloak version => 16 5) checked the code over and over but everything is fine only a Javadoc was missing and I downloaded it. but still can't update the phone number through this form thanks in advance.

Hi Niko, I have a problem with configure required action. Our system communicate with Keycloak via api. In "requiredActionChallenge" method, I want to send some params for front-end site to know and redirect to update phone screen, because we have a lot of cases use require action. But the API only response { "error": "invalid_grant", "error_description": "Account is not fully set up" } And font-end site don't know exactly what is error. => How we can pass the error type to front-end. Example: { "error": "invalid_grant", "error_type": "update_phone_number", "error_description": "Account is not fully set up" }

Hey Niko, please make video on forgot password flow and how to customize message. I am not able to get message that your password successfully reset after reset password. And in that message I want to customize sing in url how to do it. Thanks

Thank you for the video. The pattern that I've seen being used is that, at the time of updating the phone number, there is also a verification step by sending a code to the entered phone number before saving it to the backend. Could the flow here be interrupted to include the verification code?

Hello Niko, Is there any way to configure the search for other fields besides the client id?

Great Videos. i have a question, when we use OTP, is that possible that the barcode send via email?

Hello niko . I am using your "update mobile number" required action example . I noticed that when this addon is enabled and I also enable and use user federation with ldap , an error occurs at login screen "Unexpected error when handling authentication request to identity provider." There are no keycloak logs when this happens . It can be overcomed by refresing many times the browser or by creating a new private browser session. But it is a bug . I am not sure if this is a bug in this addon or a keycloak bug. Are you able to reproduce it in your environment ?

Hey Niko! Do you know of a way or have any insight into how a user could complete required actions through the Direct Grant flow in a mobile app (without browser)?

If we need to open codes to add simple form , keycloak is meaningless. We chose kc because its supposed to simplify thing, not the other way. This should and must be easily be done via UI