[keycloak-user] Limiting user registrations to closed set

[Łukasz Dywicki]

Hi all,
I have a case which is quite simple in terms of logic - I have existing
database of users with attributes such first and last name, as well as
email. I miss username and password or just password if I decide to use
email as login. I would like to use attributes I know for validation of
new user registrations.
Any registration attempt with uknown email, first and last should be denied.
Sadly due to necessity to host user self registration in mobile app I
had to move it outside of keycloak. This means I use a small utility to
create accounts using admin api.

I've tried to use UserStorageProvider, but this SPI is not permited to
"deny" user registration. When I try to add new user, it goes in even if
there is no matching combination of attributes. Which SPI is valid for
my use case?

Kind regards,
Lukasz