Hello there,

are there any plans to provide a way to let client applications

know of new users before they actually try to login?

This could be used for triggering on-boarding mechanisms like e.g.

preparing a user environment (e.g. a tenant) for a particular 

user.

I was thinking of a mechanism like web-hooks, as github and many other services use in similar scenarios, where you could send a HTTP POST requests to the client application in case of 

a new user was registered in keycloak that was granted access to that particular application and potentially others as well.

The POST request could contain some user data like:

login, email, userid, client roles, perhaps for multiple clients etc.

This would help client applications to associate a prepared environment with the actual user from keycloak.

The intention is to keep an on-boarding experience fast as possible for the user by doing some preprocessing as early as possible.

There is already a similar functionality to propagate logout events to client admin URL. 

Perhaps this could also be used for this - just send user created / user update / user deleted

events to this endpoints as well.

Perhaps with keeping track whether the clients acknowledged the updated via a HTTP 200 response-status with a retry with some back-off strategy otherwise.

One often uses JMS topics for those scenarious but I think web-hooks would be a bit easier here. 

Cheers,

Thomas