-
Notifications
You must be signed in to change notification settings - Fork 6.4k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Keycloak 22.0.1 unable to create user with long email address #22825
Comments
Hi @mposolda , the above-mentioned issue is reproducible , do we have to set the limit to 87 characters ? |
It will be good to make sure that long email address still works similarly like it was before. Hence marking this as regression and adding to 22.0.3 for now. I think this is related to some recent changes in email validation, which might cause this issue. @kaustubh-rh do you want to investigate this issue and work on it? If yes, feel free to comment here and send the PR for it. It would be welcome. |
@mposolda yes ,will raise a PR for the same. Thanks :) |
Hi @kaustubh-rh and @mposolda, just a heads up, the following line limiting the character size: keycloak/server-spi-private/src/main/java/org/keycloak/utils/EmailValidationUtil.java Line 10 in c92d10c
was added on PR #21131 (issue #20878). I guess that this validation is related to RFC-3696 that limits the local part in 64 characters:
So, if we'll accept more than 64 characters, we just need to change the: keycloak/server-spi-private/src/main/java/org/keycloak/utils/EmailValidationUtil.java Line 10 in c92d10c
I don't know what is better, keep the limit, or increase the value. |
@pedro-hos Thanks for investigation of this! Is it possible to keep 64 characters by default, but allow bigger value in the configuration? Maybe some new option of the user profile provider (See for example here https://www.keycloak.org/docs/latest/server_admin/index.html#_read_only_user_attributes for some other configuration option added to this profile). So maybe something like Will be also good to document this in the migration guide. Can you please document it to the existing |
Hi @mposolda @pedro-hos , thanks for clarification. It looks to be good idea to add |
closes #22825 Co-authored-by: mposolda <mposolda@gmail.com>
I don´t think this is fixed. The validation does also seem to validate the domain-part. The previously cited RFC says 255 characters in the domain part should be fine. |
Before reporting an issue
Area
admin/api
Describe the bug
With the latest nightly release, it is no more possible to create a user with email longer than 75 characters. Moreover in 22.0.1, the limit seems to be at 87 characters.
Meanwhile in the old version 21.1.2, it is still possible to create a user with an email longer than 87 characters.
This happens both via REST API users and on the admin UI:
![image](https://private-user-images.githubusercontent.com/5919707/264368498-a9254900-6d9c-43a5-bacc-9e9d71a075e2.png?jwt=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJnaXRodWIuY29tIiwiYXVkIjoicmF3LmdpdGh1YnVzZXJjb250ZW50LmNvbSIsImtleSI6ImtleTUiLCJleHAiOjE3MjAzOTU3MTAsIm5iZiI6MTcyMDM5NTQxMCwicGF0aCI6Ii81OTE5NzA3LzI2NDM2ODQ5OC1hOTI1NDkwMC02ZDljLTQzYTUtYmFjYy05ZTlkNzFhMDc1ZTIucG5nP1gtQW16LUFsZ29yaXRobT1BV1M0LUhNQUMtU0hBMjU2JlgtQW16LUNyZWRlbnRpYWw9QUtJQVZDT0RZTFNBNTNQUUs0WkElMkYyMDI0MDcwNyUyRnVzLWVhc3QtMSUyRnMzJTJGYXdzNF9yZXF1ZXN0JlgtQW16LURhdGU9MjAyNDA3MDdUMjMzNjUwWiZYLUFtei1FeHBpcmVzPTMwMCZYLUFtei1TaWduYXR1cmU9OTljMmVkOGRiOGIwODc5MWI4MmM4ZTU5Mzc5YWU3YTc5ODBiM2NkMmYxZDg5OWQ4MjgwYTdhODdjY2Y5OTVlZCZYLUFtei1TaWduZWRIZWFkZXJzPWhvc3QmYWN0b3JfaWQ9MCZrZXlfaWQ9MCZyZXBvX2lkPTAifQ.aswuoD-_Q8imir_S4XPO9af77tZACmyAdaqWgq5DU40)
Version
22.0.1
Expected behavior
Still able to create user with more than 87 characters in the email like in 21.1.2. Not sure what was the limit before.
Actual behavior
Unable to create user with more than 87 characters in the email.
How to Reproduce?
Anything else?
No response
The text was updated successfully, but these errors were encountered: