[keycloak-user] EventListenerProvider that removes an existing offline session/token Posteingang x Benachrichtigungen x

[Michael Hunziker]

Hi everyone!

I need some advice in implementing an EventListenerProvider that makes sure
that there is only one offline session/token per user (as soon as the user
logs in on another device the provider should make sure that the other
session/token is deleted).

I would expect that calling
"userSessionProvider.removeOfflineUserSession(realmModel, userSession);"
should be enough in the code below... But it does not delete anything in
"OFFLINE_CLIENT_SESSION" and "OFFLINE_USER_SESSION".
Am I missing something? Is this even doable?

Cheers Michael


    @Override
    public void onEvent(Event event) {
        final String realmId = event.getRealmId();
        final String userId = event.getUserId();
        final EventType eventType = event.getType();

        if (isRelevantEvent(realmId, eventType) && userId != null) {
            RealmModel realmModel = realmProvider.getRealm(realmId);
            UserModel userModel = session.users().getUserById(userId,
realmModel);
            final UserSessionProvider userSessionProvider =
session.sessions();
            final List<UserSessionModel> userSessions =
userSessionProvider.getOfflineUserSessions(realmModel, userModel);
            userSessions.stream()
                    .filter(userSession ->
!userSession.getId().equals(event.getSessionId()))
                    .forEach(userSession -> {
                        log.warn("Removing already existing offline user
session {}", userSession.getId());

userSessionProvider.removeOfflineUserSession(realmModel, userSession);
                    });
        }
    }

    private boolean isRelevantEvent(final String realmId, final EventType
eventType) {
        return eventType != null && eventType == EventType.LOGIN &&
                realmId != null && realmId.equals(MY_REALM);
    }