Callback on user registration/login?

For a web platform we are using Keycloak for user authentication and authorization. We are not using the rest api, but the web interface. Everything works as we expect, but there is one feature that we (I) can’t find: callback

I want a callback to our backend when a user registers and when a user logs in. Is there a way to configure this for a realm?


There’s nothing like a callback, but Keycloak has events.

You can implement a custom Event Listener SPI in which you can react on the various events and do whatever you want.
Unfortunately there’s not much documentation about this: Server Developer Guide
But you can use the examples or default implementations as good start: keycloak/services/src/main/java/org/keycloak/events at master · keycloak/keycloak · GitHub

Thank you. I will look into this.

Hi pazvanti,
We are having the same problem as you: callback (redirect) to our backend when a user registers and when a user logs in.
Did you find the answer to this problem?


Sadly, I did not find the answer. We could have implemented our own even listener, as dasniko suggested, but there was no time for that.
Eventually we took a rather hacky approach where on the request we do some checks on the backend-side, do the needed event loggings and store a cookie. If the cookie is present, we skip this flow for future requests. I know it is not the best approach, but we had time constraints and it was the fastest to implement.

It is curious that Keycloak claims to be an OIDC provider (OpenID Connect) so it should support the OIDC callback.

It supports redirect back (in browser flow), just use the appropriate Authorization Code Flow (Standard Flow Enabled on Client Setting);

Another approach could be clone and customize the Authorization Flows (Browser and Registration) in the Realm’s Authentication settings, to add a new step (browser redirect)…

But as far as I understood, he wants something like synchronized events to log data and possibly create the user on descentralized applications. That would be faster and easier to create a SPI package extending the server to perform web hooks or connect to a event broker.