Do you have any recommendations how to extend the administrative API so that the original Keycloak code stays intact and the extension is provided as a separate JAR so that it would be possible to upgrade Keycloak to newer versions without needing to patch it along every upgrade because of the custom code?
The use case we are trying to implement is just to allow API client to unlink an individual federated user. As far as I know, this would require at least:
- New function in the REST API
- New method in the API client classes
- New business method in the server code
I have tried unlinking user by calling setFederationLink(null) in the UserRepresentation class, but this leads to an error. What is interesting however is that if I call the same method by providing an existing Federation provider id instead of null, I am able to re-link previously unlinked user back to Federation provider.
Another interesting note: if I tweak the database directly and set the federation link to null there, the whole user disappears from Keycloak. What is the reason for this? Is it a conflict in user cache versus database or what?