Automatically assign groups/roles to user before the user gets created

I’ve set up Keycloak with Google as an identity provider and everything works. When I log in to Keycloak through Google OIDC, the user gets automatically created, and this is what I expect it to do.

I want to find a way to assign realm roles (or user groups) to the user before the user logs in for the first time, so before the user gets created in Keycloak.

If I manually create the user and then try to link it to Google, I need to provide a user ID, which I take to be the user ID provided by Google. But I can’t know that beforehand or, in any case, it’s hard to retrieve it from Google before the user gets created.

So I’d like to create the user manually (well, actually in order to be able to automate this process) and when the user logs in for the first time, I want his Google identity to map to the existing user based on the username and email address (or just based on the username, for that matter).

I don’t want to rely on any groups Google might be sending, so things like additional attributes other than the username or email, because I want to be as independent as possible in case I switch identity providers.

I’m using Keycloak 25.0.2 set up directly on Ubuntu 24.04.

Even hints are welcome 🙂

Ok, I’ve found the solution here in the documentation: Server Administration Guide

Create a new authentication flow with just two steps (executions): Create User If Unique and Automatically Set Existing User.

In the identity provider section I select the provider (Google) and I select this newly created flow in First login flow override and that’s about it. When logging in with the same user through Google, the user will map to the existing local user.
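The steps in the answer above, automated through the Keycloak Admin REST API. This is an added example, not code from the original post or from the Keycloak project. Assumptions: both executions are set to ALTERNATIVE, the provider IDs are `idp-create-user-if-unique` and `idp-auto-link`, realm roles are granted through groups that already exist, an admin access token is obtained elsewhere, and the function names are hypothetical.

```python
# Added example: function names, realm, flow alias and group paths are assumptions.
import json
import urllib.request
from urllib.parse import quote

def make_sender(base_url, token):
    """Return send(method, path, body=None) bound to a server and admin token."""
    def send(method, path, body=None):
        req = urllib.request.Request(
            base_url + path, method=method,
            data=None if body is None else json.dumps(body).encode(),
            headers={"Authorization": "Bearer " + token,
                     "Content-Type": "application/json"})
        with urllib.request.urlopen(req) as resp:
            raw = resp.read()
        return json.loads(raw) if raw else None
    return send

def configure_first_login_flow(send, realm, idp_alias, flow_alias):
    """Create the two-step flow and set it as the IdP's first login flow override."""
    base = f"/admin/realms/{quote(realm, safe='')}"
    flows = f"{base}/authentication/flows"
    flow = f"{flows}/{quote(flow_alias, safe='')}"
    send("POST", flows, {"alias": flow_alias, "providerId": "basic-flow",
                         "topLevel": True, "builtIn": False,
                         "description": "Map IdP login to a pre-created user"})
    # Order matters: try to create first, otherwise attach to the existing user.
    for provider in ("idp-create-user-if-unique", "idp-auto-link"):
        send("POST", f"{flow}/executions/execution", {"provider": provider})
    # New executions start DISABLED; send each full representation back enabled.
    for execution in send("GET", f"{flow}/executions"):
        execution["requirement"] = "ALTERNATIVE"
        send("PUT", f"{flow}/executions", execution)
    # The provider update replaces the representation, so read it, edit it, write it.
    idp_path = f"{base}/identity-provider/instances/{quote(idp_alias, safe='')}"
    idp = send("GET", idp_path)
    idp["firstBrokerLoginFlowAlias"] = flow_alias
    send("PUT", idp_path, idp)

def precreate_user(send, realm, username, email, group_paths):
    """Create the local user before first login; the groups carry the realm roles."""
    send("POST", f"/admin/realms/{quote(realm, safe='')}/users",
         {"username": username, "email": email, "enabled": True,
          "groups": group_paths})
```

Automatically Set Existing User attaches the brokered login to the local account without re-verifying ownership, so the match is only as trustworthy as the usernames and email addresses the identity provider asserts.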