Verify Keycloak Email icon

Verify Keycloak Email

Verify email existence in Keycloak
Join our community

Overview

This node verifies the existence of an email address within a Keycloak user realm. It is useful in scenarios where you need to confirm if a user with a specific email is registered in a Keycloak authentication server before proceeding with further automation or user management tasks. For example, it can be used in onboarding workflows to check if a user already exists or in security audits to validate user data.

The node authenticates with Keycloak using either a provided active token or by obtaining an access token via client credentials. It then queries the Keycloak admin API to search for users matching the given email in the specified realm.

Properties

Name Meaning
Email The email address to check for existence in Keycloak.
Realm The Keycloak realm under which the email check should be performed.
Grant Type OAuth 2.0 grant type used to obtain the token; currently supports only "Client Credentials".
Active Token An optional active token for authenticating with Keycloak. If not provided, the node attempts to obtain one automatically.

Output

The node has three outputs:

  1. ok: Emits items where the email was found in Keycloak. The json field contains a result property with the first matched user object.
  2. ko: Emits items where the email was not found (empty result). The json field contains a result property set to undefined or null.
  3. error: Emits items when an error occurs during execution. The json field contains:
    • result: false
    • message: error message string
    • items: the original input items that caused the error

The output json.result holds the user data returned from Keycloak or indicates absence.

Dependencies

  • Requires connection to a Keycloak server with admin API access.
  • Needs an API token or client credentials (client ID and secret) to authenticate against Keycloak.
  • The node expects credentials containing:
    • Keycloak server URL
    • Default realm (optional)
    • Client ID and client secret (for token retrieval)
    • Or an active token directly provided as input

Troubleshooting

  • Failed to obtain Keycloak token: This error occurs if no valid token is available or cannot be retrieved using client credentials. Ensure that the client ID, client secret, and server URL are correctly configured in credentials or provide a valid active token.
  • Invalid realm or email: If the realm does not exist or the email format is incorrect, the node may return empty results. Verify the realm name and email input.
  • API request failures: Network issues or insufficient permissions on the Keycloak server can cause errors. Check connectivity and ensure the API user has admin rights.
  • Malformed JSON response: If the Keycloak server returns unexpected data, parsing might fail. Confirm the server version and API compatibility.

Links and References

Discussion