Best practices for creating users in backend DB when new user is registered in Keycloak

Some possible solutions are,

  1. Create a java extension that can make requests to an user creation endpoint on my backend every time keycloak creates a new user.
  2. If there is a token in my backend that has unregistered user, create the user.

What is the best practice here ?

This depends on your requirements and the “why” you want to create users (duplicated) in your custom DB…

If you just need an entry for a user, because you want to store some additional, application related data in your custom DB, I’d vote for the approach with the token. This is nice, tiny, sweet, loosely coupled, only creates data if the user really uses the application. The whole logic is focused in/to your application, no code in Keycloak necessary, no runtime-dependency from Keycloak to your custom DB/application. I like this.

On the other hand side, if you want to have the complete user management in your custom DB and want to use this data as a source for users (directory), you’d perhaps want to implement a UserStorageProvider. This allows Keycloak to use external systems as a storage source for user data. You can still decide which data will be stored where, e.g. users master data in your custom DB and credentials in Keycloak…
This approach is the more complex one. More effort on implementation and maintaining the provider, plus runtime-dependency from Keycloak to the external system. This can be a good fit, but is highly dependent on your requirements and goals‼️
If you don’t need an external user management, I wouldn’t go this way.

1 Like

Yeah the requirement is to store some additional app related data in the custom DB.
Ill go ahead with the token approach.

Was looking to see if there is a recommended best practice way. But I guess it just depends on the usecase.

Thank you for your reply !