Adjust user account update processing

Getting advice
1

The use case

when a user changes some personal info (first name, last name, etc.) using the account client the data is posted to either

  • org.keycloak.services.resources.account.AccountFormService.processAccountUpdate(MultivaluedMap<String, String>)
  • org.keycloak.services.resources.account.AccountRestService.updateAccount(UserRepresentation)

,depending on if the old Freemarker client or the new React client is used.

What I would like to do is extend those methods to add some functionality that calls an external service before saving any user data.

The problem

It seems those classes are somewhat baked into the code and aren’t easily replaced or extended, without resorting to compiling your own distribution - which I would like to avoid.

The question

How should I go about implementing my own account update logic?
There are 3 approaches I can think of:

  1. There is a way to extended those classes, I am not familiar with
  2. I add my own custom endpoint (simply extending the existing AccountService classes) to Keycloak and make a small adjustment to the account client, to post to that one instead
  3. I completely abandon the account client and build a separate client app, which uses the Admin REST API as needed

Which approach would you recommend? Is there another better approach?


Thanks, for taking the time to read my query.

2

I don’t believe there is a way to extend or override the AccountXService classes. I’m not an expert, but I did #2 in the past. I was able to reuse much of the code in the AccountRestService class, added some handlers to make it easy for me to add additional side effects in the future, and it didn’t take long.

1 Like
3

Thanks for the input!
I think this would be the best approach if you want to stick to the Account Client.
We have decided on an approach similar to the 3rd one, for different reasons.
But I will keep number 2 in the back pocket for now.