[keycloak-user] Tracking/auditing login events for GDPR compliance with Keycloak APIs?

Hey everyone, we have been happily using Keycloak to secure our recently developed applications. One of those applications requires users to give an informed consent when first logging in by marking a checkbox on the Keycloak login page. To comply with EU general data protection regulation, we need to track and archive those events. We are contemplating doing that from within Keycloak as the login event system and provider APIs seemingly give us everything we need. But before we commit to that, i would love the opinion of people better versed in the internal Keycloak APIs, databases and when to use them. Here is what we need to do: For every initial login event (i.e. when the users identity is first linked via our custom User Storage Federation Provider), we would have to store the following information: * The time of the event * The username * Ideally: custom information from the Keycloak login page, e.g. the url and/or hash of the consent document the user just read and accepted Here is what we already have: * a custom Keycloak login theme * a custom User Storage Federation provider We are currently using the federation provider to send the event to an external service but if we can cover this use case with Keycloak internal APIs and databases, we would happily do so because we are moving towards Keycloak as our central IDP. The reason we are using an external service right now is because there we have full control. For instance, a likely future functionality is querying the API if the user in question has already given his consent for given document. Thanks for your time!