[keycloak-dev] Keycloak Client Provisioning Notifications.

[Thomas Darimont]

Hello there,

are there any plans to provide a way to let client applications
know of new users before they actually try to login?

This could be used for triggering on-boarding mechanisms like e.g.
preparing a user environment (e.g. a tenant) for a particular
user.

I was thinking of a mechanism like web-hooks, as github and many other
services use in similar scenarios, where you could send a HTTP POST
requests to the client application in case of
a new user was registered in keycloak that was granted access to that
particular application and potentially others as well.

The POST request could contain some user data like:
login, email, userid, client roles, perhaps for multiple clients etc.
This would help client applications to associate a prepared environment
with the actual user from keycloak.

The intention is to keep an on-boarding experience fast as possible for the
user by doing some preprocessing as early as possible.

There is already a similar functionality to propagate logout events to
client admin URL.
Perhaps this could also be used for this - just send user created / user
update / user deleted
events to this endpoints as well.
Perhaps with keeping track whether the clients acknowledged the updated via
a HTTP 200 response-status with a retry with some back-off strategy
otherwise.

One often uses JMS topics for those scenarious but I think web-hooks would
be a bit easier here.

Cheers,
Thomas
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/keycloak-dev/attachments/20151204/e11c529b/attachment-0001.html