[keycloak-dev] User SPI
Muein Muzamil
shmuein+keycloak-dev at gmail.com
Wed Nov 16 19:52:26 EST 2016
Hi all,
We have implemented custom authenticators to integrate with an external
authentication API. After successful authentication, the API returns user
attributes back. Right now we save this user into DB as shown below, which
works well.
user = userFederationManager.addUser(context.getRealm(), username)
user.setEnabled(true);
mapUserAttributesToUserModel(user, userAttributes);
context.setUser(user);
We have some privacy and security related requirements because we which we
don't want to store user information in KeyCloak database for a longer
period. We were thinking to implement some scheduled job to clean up user
data from KeyCloak database but I noticed that in KeyCloak 2.3 new User SPI
is introduced which allows users to be pull in without sync in user into
KeyCloak database.
1. So I was wondering how can I use this SPI to avoid storing user data
in DB.
2. Can I imagine sticking user information in session and returning user
information from User SPI?
3. Do we have any sample implementations or documentation available for
User SPI?
Regards,
Muein
More information about the keycloak-dev
mailing list