Hello there,
are there any plans to provide a way to let client applications know of new users before they actually try to log in?
This could be used for triggering on-boarding mechanisms like e.g. preparing a user environment (e.g. a tenant) for a particular user.
I was thinking of a mechanism like web-hooks, as GitHub and many other services use in similar scenarios, where you could send an HTTP POST request to the client application in case a new user was registered in Keycloak who was granted access to that particular application and potentially others as well.
The POST request could contain some user data like: login, email, userid, client roles, perhaps for multiple clients etc.
This would help client applications to associate a prepared environment with the actual user from Keycloak.
The intention is to keep the on-boarding experience as fast as possible for the user by doing some preprocessing as early as possible.
There is already a similar functionality to propagate logout events to the client admin URL.
Perhaps this could also be used for this - just send user created / user updated / user deleted events to these endpoints as well.
Perhaps with keeping track of whether the clients acknowledged the update via an HTTP 200 response status, with a retry with some back-off strategy otherwise.
One often uses JMS topics for those scenarios but I think web-hooks would be a bit easier here.
Cheers,
Thomas
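
The delivery scheme proposed in the message above (POST a user event to each client, treat only HTTP 200 as an acknowledgement, retry with back-off otherwise), sketched as an added example; this is not code from the post or from Keycloak. The payload field names, `MAX_ATTEMPTS`, the back-off constants and all function names are assumptions.

```python
import json
import urllib.error
import urllib.request
from dataclasses import dataclass

MAX_ATTEMPTS = 5  # assumed limit; the message does not specify one

@dataclass
class Delivery:
    """One event owed to one client, tracked until that client acknowledges it."""
    client_id: str
    url: str
    body: bytes
    attempts: int = 0
    acknowledged: bool = False
    next_attempt_at: float = 0.0  # seconds on the caller's clock

def build_event(kind, user, client_roles):
    """Serialize a user event; field names are assumed from the list in the message."""
    return json.dumps({"type": kind, "userId": user["id"], "login": user["login"],
                       "email": user["email"], "clientRoles": client_roles},
                      sort_keys=True).encode()

def backoff_delay(attempt, base=2.0, cap=300.0):
    """Exponential back-off: 2s, 4s, 8s, ... capped at `cap` seconds."""
    return min(cap, base * 2 ** (attempt - 1))

def http_post(url, body, timeout=5):
    """Real transport: returns the HTTP status, or 0 on a network failure."""
    req = urllib.request.Request(url, data=body, method="POST",
                                 headers={"Content-Type": "application/json"})
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return resp.status
    except urllib.error.HTTPError as exc:
        return exc.code
    except OSError:
        return 0

def dispatch(pending, now, post=http_post):
    """Attempt every due delivery once; return those still unacknowledged."""
    for d in pending:
        if d.acknowledged or d.attempts >= MAX_ATTEMPTS or now < d.next_attempt_at:
            continue
        d.attempts += 1
        d.acknowledged = post(d.url, d.body) == 200  # only 200 counts as an ack
        if not d.acknowledged:
            d.next_attempt_at = now + backoff_delay(d.attempts)
    return [d for d in pending if not d.acknowledged]
```

Calling `dispatch` periodically with the current time drains the queue; deliveries that reach `MAX_ATTEMPTS` stay in the returned list so they can be inspected rather than silently dropped.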