3

I am trying to create a new user and then verify his email address using the REST API. To send the verification email I am using my own email class in Spring Boot, so I am not calling Keycloak's /send-verify-email endpoint! After I create the user, I can see in the Keycloak console that the user is created, enabled and his email address needs to be verified.

But here lies the problem. How can I verify the email using the Keycloak REST API? There is no endpoint for this purpose and I can't update the UserRepresentation, because I have no access token. And without an access token, you can't update a user, right?

So there should be some unsecured endpoint that won't require an access token and verifies the email, like <userID>/verify-email or so, but there isn't. So I am looking for alternative ways to verify a user's email.

When using the Keycloak Spring Boot client (or whatever it is called), there are methods for this purpose (like updating a user without a token), but unfortunately I am not able to use this library.

I am really starting to hate Keycloak...

Thank you all for your help

Kuba Šimonovský

1 Answer

8

> So there should be some unsecured endpoint that won't require Access token and verify email like <userID>/verify-email

That is a really insecure approach - anyone would be able to verify any email.

Create a new admin user/client with the proper permission configuration (it needs to be allowed to update users) and use it (= you need a login procedure -> access token) to update the user model (PUT /{realm}/users/{id} - emailVerified: true). Of course, this admin user will own the responsibility that the email is correct.

Jan Garaj
  • Okay, this is a good answer. Do you know exactly the permission that I should add to this account? Is it from Realm management - manage users? – Kuba Šimonovský May 26 '20 at 06:53
  • I am facing the same scenario. Can we use a client with the "manage-users" realm permission, which means we have to keep that client's credentials at the front end, right? – Yachitha Sandaruwan Sep 02 '21 at 06:24
  • This solution works unless there are additional user attributes set. In my case, this didn't work until I added clean-up of the requiredActions field. (I don't know whether this field is our company's addition or whether Keycloak shipped with it) – Alexander Petrovskiy Oct 11 '22 at 11:30
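
The flow from the answer, as an added example that is not part of the original posts or of Keycloak's own code: the backend signs the link it puts in its own verification email, and only a valid link leads to the authenticated admin `PUT` with `emailVerified: true`. Assumptions: all function names and the HMAC link-token scheme are hypothetical, the `/realms/...` and `/admin/realms/...` prefixes depend on the Keycloak version (older servers add `/auth`), the client is a service-account client allowed to manage users, and `VERIFY_EMAIL` is the required action to clear.

```python
import base64, hashlib, hmac, json, time
import urllib.parse, urllib.request

LINK_KEY = b"constructed-demo-key"  # assumption: random secret held only by the backend

def b64u(raw):
    return base64.urlsafe_b64encode(raw).decode()

def make_link_token(user_id, email, ttl=3600, now=None):
    """Token for the link in the backend's own verification e-mail."""
    exp = int((time.time() if now is None else now) + ttl)
    payload = json.dumps([user_id, email, exp]).encode()
    return b64u(payload) + "." + b64u(hmac.new(LINK_KEY, payload, hashlib.sha256).digest())

def check_link_token(token, now=None):
    """Return (user_id, email) only if signature and expiry hold, else None."""
    try:
        p64, s64 = token.split(".")
        payload, sig = base64.urlsafe_b64decode(p64), base64.urlsafe_b64decode(s64)
    except ValueError:
        return None
    if not hmac.compare_digest(sig, hmac.new(LINK_KEY, payload, hashlib.sha256).digest()):
        return None
    user_id, email, exp = json.loads(payload)  # parsed only after the MAC check
    now = time.time() if now is None else now
    return (user_id, email) if now <= exp else None

def token_request(base, realm, client_id, client_secret):
    """Client-credentials grant; the secret never leaves the backend."""
    form = {"grant_type": "client_credentials",
            "client_id": client_id, "client_secret": client_secret}
    return urllib.request.Request(f"{base}/realms/{realm}/protocol/openid-connect/token",
                                  data=urllib.parse.urlencode(form).encode(), method="POST")

def verify_email_request(base, realm, access_token, user):
    """Admin PUT that sets emailVerified and drops the pending VERIFY_EMAIL action."""
    actions = [a for a in user.get("requiredActions", []) if a != "VERIFY_EMAIL"]
    body = json.dumps({"emailVerified": True, "requiredActions": actions}).encode()
    url = f"{base}/admin/realms/{realm}/users/{urllib.parse.quote(user['id'], safe='')}"
    return urllib.request.Request(url, data=body, method="PUT", headers={
        "Authorization": f"Bearer {access_token}", "Content-Type": "application/json"})

def handle_click(token, user, access_token, base, realm, now=None):
    """Build the admin request only for a valid link bound to this user and e-mail."""
    if check_link_token(token, now) != (user["id"], user["email"]):
        return None
    return verify_email_request(base, realm, access_token, user)  # send with urlopen()
```

Because the link token binds the user id to the address the mail was sent to, a link issued for one address stops working if the account's email changes before it is clicked.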