Implement New User Registration in auth-service #8

Closed
opened 2025-04-22 23:31:53 +00:00 by abed.alrahman · 2 comments
Member

Ref epic: #13

Goal: Implement self-service user registration functionality within the auth-service, including email verification.

Description:
This ticket will implement the new user registration feature for the auth service. The auth service will provide two new endpoints: one to register a new account and one to handle email confirmation. The newly created account will be marked as unverified until the email address is confirmed via a link sent to the user.

What needs to be done:

Configure Keycloak Admin API Access:
    Create a dedicated Keycloak client (service account) for the auth-service.
    Grant this client the necessary roles to manage users (e.g., create-user, manage-users, view-users, query-users).
    Securely configure the client credentials (client ID, secret) in the auth-service using Docker Swarm secrets or environment variables.
Implement Registration Endpoint:
    Create a new endpoint, e.g., POST /register.
    Accept required user details in the request body (e.g., email, password, firstName, lastName). Include validation.
    Use the Keycloak Admin REST API to create a new user in the appropriate realm.
    Ensure the new user is created with emailVerified set to false.
    Trigger the Keycloak "Verify Email" required action for the user OR implement custom logic to generate a unique verification token/link and send a confirmation email.
Implement Email Verification Endpoint:
    Create a new endpoint to handle the link clicked in the confirmation email, e.g., GET /verify-email?token={verification_token}.
    Validate the incoming request/token.
    If valid:
        Find the corresponding user in Keycloak.
        Use the Keycloak Admin REST API to update the user's emailVerified status to true and potentially remove the "Verify Email" required action.
        Provide feedback to the user (e.g., return a success message).
    If invalid, provide an appropriate error message.
Email Sending (If Custom Flow):
    If not using Keycloak's built-in email sending for verification, configure auth-service with SMTP details (server, port, credentials) to send the verification emails.

// ticket for testing
Testing: Add unit and integration tests for the registration and verification endpoints, covering success and failure scenarios.

Deliverables:

Updated auth-service source code with /register and /verify-email endpoints.
Configuration for Keycloak Admin API client and potentially SMTP.
Test suite covering the new functionality.
Basic documentation for the new API endpoints.
stanislav.hejny added this to the V.01 milestone 2025-05-06 18:30:27 +00:00

depends on Keycloak instance being operational

Author
Member

@freemo @stanislav.hejny
For now, we will use Keycloak to handle the email verification step.

For future work, we can plan email verification for new user registration. This will involve:

  • Setting up an email server to send verification emails to users.
  • Generating and securely storing verification tokens.
  • Options for token storage include the main database or a cache
    server (e.g., Redis).
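The custom flow in the ticket needs a unique token that GET /verify-email can validate, and the comment above asks for tokens to be generated and stored securely. The following is an added sketch of that piece, not code from auth-service: it stores only a SHA-256 digest of each token, enforces expiry and single use, and answers every failure the same way. Assumptions: Python as the language, an in-memory dict standing in for the database or Redis, a 24-hour lifetime, and a hypothetical `mark_verified` callback in place of the Keycloak Admin REST API call.

```python
import hashlib
import secrets
import time

TOKEN_TTL_SECONDS = 24 * 3600  # assumed lifetime; the ticket does not specify one


class VerificationTokenStore:
    """In-memory stand-in for the database or Redis storage the comment mentions."""

    def __init__(self, clock=time.time):
        self._clock = clock
        self._by_digest = {}  # sha256(token) -> (user_id, expires_at)

    @staticmethod
    def _digest(token):
        return hashlib.sha256(token.encode("utf-8")).hexdigest()

    def issue(self, user_id):
        """Create a token for user_id, replacing any token issued earlier."""
        self._by_digest = {d: v for d, v in self._by_digest.items() if v[0] != user_id}
        token = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
        self._by_digest[self._digest(token)] = (user_id, self._clock() + TOKEN_TTL_SECONDS)
        return token  # goes into the emailed link only; never stored or logged

    def redeem(self, token):
        """Return the user_id for a valid token, or None. A token works once."""
        if not isinstance(token, str) or not token or len(token) > 128:
            return None
        entry = self._by_digest.pop(self._digest(token), None)
        if entry is None or self._clock() >= entry[1]:
            return None  # unknown, already used, superseded, or expired
        return entry[0]


def handle_verify_email(store, token, mark_verified):
    """Logic behind GET /verify-email?token=...; returns (status, message).

    mark_verified is a hypothetical callback that would set emailVerified=true
    through the Keycloak Admin REST API.
    """
    user_id = store.redeem(token)
    if user_id is None:
        # One generic answer for unknown, used and expired tokens.
        return 400, "Invalid or expired verification link."
    mark_verified(user_id)
    return 200, "Email address verified."
```

Because only the digest is kept, a leaked copy of the token table cannot be replayed as verification links; with Redis the expiry would normally be delegated to the key TTL.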
abed.alrahman added reference feat#8_user_registration 2025-05-26 23:50:52 +00:00
hurui200320 2025-06-06 07:18:01 +00:00
Reference: clevermicro/user-management#8