Skip to content

Token issuer is null in executeActionsEmail and sendVerifyEmail if no clientId is passed #35317

Closed
#35569
Closed
Token issuer is null in executeActionsEmail and sendVerifyEmail if no clientId is passed#35317
#35569
Assignees
rmartinc
Labels
area/admin/apikind/bugCategorizes a PR related to a bugpriority/normalrelease/26.0.8release/26.1.0team/core-clients
@simse07

Description

@simse07
simse07
opened on Nov 26, 2024

Before reporting an issue

  • I have read and understood the above terms for submitting issues, and I understand that my issue may be closed without action if I do not follow them.

Area

admin/api

Describe the bug

I checked the implementation of the executeActionsEmail, especially

keycloak/services/src/main/java/org/keycloak/services/resources/admin/UserResource.java

Line 1120 in b20cfbb

private SendEmailParams verifySendEmailParams(String redirectUri, String clientId, Integer lifespan) {
and found out that the issuer for the generated ExecuteActionsActionToken is null, if no clientId is passed.

It should take the clientId from the client found by

keycloak/services/src/main/java/org/keycloak/services/resources/admin/UserResource.java

Line 1134 in b20cfbb

ClientModel client = clientId != null ? realm.getClientByClientId(clientId) : SystemClientUtil.getSystemClient(realm);
and passing it to the SendEmailParams return new SendEmailParams(redirectUri, client.getClientId(), lifespan);

Afterwards, the clientId is used in result.clientId to generate the token

keycloak/services/src/main/java/org/keycloak/services/resources/admin/UserResource.java

Line 905 in b20cfbb

ExecuteActionsActionToken token = new ExecuteActionsActionToken(user.getId(), user.getEmail(), expiration, actions, result.redirectUri, result.clientId);

This was introduced in 02d64d9

Version

26.0.6

Regression

  • The issue is a regression

Expected behavior

Token issuer is the clientId of the passed client or default client.

Actual behavior

Token issuer is null if no clientId is passed

How to Reproduce?

Call the api endpoint without passing a clientId and check the token.

Anything else?

No response

Metadata

Metadata

Assignees

Labels

area/admin/apikind/bugCategorizes a PR related to a bugpriority/normalrelease/26.0.8release/26.1.0team/core-clients

Type

No type

Fields

No fields configured for issues without a type.

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions