Hello. I am trying to solve a requirement I have disallow registration and user creation on a uniqueness check of multiple required fields. In my example a user cannot be created if there already exists a user in the system with the same values of custom attributes phoneNumber and dateOfBirth.
A custom field validator from what I can tell would not work since it seems that is useful for validating the value of a single field. With this assumption it seems like the best course of action for direct user registration is to add a custom Flow Detail Step to a copied “Registration Flow”.
NOTE that I assume this won’t work for users created by admin’s so if anyone has a suggestion for that it would be good to hear.
I have tried to create a custom provider that implements FormAction
and FormActionFactory
taking reference from both internal Keycloak files like RegistrationProfile
and this keycloak extension playground simple-registration-form-action-example. I created my provider, built is, coped to the providers directory, and successfully started the server noting that it picks up my provider service:
2023-03-10 16:13:36 2023-03-11 00:13:36,159 WARN [org.keycloak.services] (build-15)
KC-SERVICES0047: duplicate-phone-dob-registration-example-form-action (com.github.thomasdarimont.keycloak.registration.DuplicatePhoneDobRegisterFormActionFactory) is implementing the internal SPI form-action.
This SPI is internal and may change without notice
However, this doesn’t seem to show when I try to add a step to my custom registration flow.
FormAction:
package com.github.thomasdarimont.keycloak.registration;
import lombok.extern.jbosslog.JBossLog;
import org.keycloak.authentication.FormAction;
import org.keycloak.authentication.FormContext;
import org.keycloak.authentication.ValidationContext;
import org.keycloak.events.Errors;
import org.keycloak.forms.login.LoginFormsProvider;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.RealmModel;
import org.keycloak.models.UserModel;
import org.keycloak.models.utils.FormMessage;
import javax.ws.rs.core.MultivaluedHashMap;
import javax.ws.rs.core.MultivaluedMap;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.stream.Collectors;
@JBossLog
public class DuplicatePhoneDobRegisterFormAction implements FormAction {
private static final String DATE_OF_BIRTH = "dateOfBirth";
private static final String PHONE_NUMBER = "phoneNumber";
private static final String DATE_OF_BIRTH_REQUIRED_MESSAGE = "dateOfBirthRequired";
private static final String PHONE_NUMBER_REQUIRED_MESSAGE = "phoneNumberRequired";
@Override
public void buildPage(FormContext context, LoginFormsProvider form) {
// render user input form
}
@Override
public void validate(ValidationContext context) {
// validate user input
KeycloakSession session = context.getSession();
RealmModel realm = session.getContext().getRealm();
MultivaluedMap<String, String> formData = context.getHttpRequest().getDecodedFormParameters();
if (!formData.containsKey(DATE_OF_BIRTH)) {
context.error(Errors.INVALID_REGISTRATION);
formData.remove(DATE_OF_BIRTH);
List<FormMessage> errors = List.of(new FormMessage(DATE_OF_BIRTH, DATE_OF_BIRTH_REQUIRED_MESSAGE));
context.validationError(formData, errors);
return;
}
if (!formData.containsKey(PHONE_NUMBER)) {
context.error(Errors.INVALID_REGISTRATION);
formData.remove(PHONE_NUMBER);
List<FormMessage> errors = List.of(new FormMessage(DATE_OF_BIRTH, PHONE_NUMBER_REQUIRED_MESSAGE));
context.validationError(formData, errors);
return;
}
Map<String, String> params = new HashMap<>();
params.put(DATE_OF_BIRTH, formData.getFirst(DATE_OF_BIRTH));
params.put(PHONE_NUMBER, formData.getFirst(PHONE_NUMBER));
boolean otherUserExists = session.users().searchForUserStream(realm, params).findAny().isPresent();
if (otherUserExists) {
List<FormMessage> errors = List.of(new FormMessage(FormMessage.GLOBAL, "Your account couldn't be " +
"created. If you've already created an account, please log in or reset your password."));
context.validationError(formData, errors);
return;
}
context.success();
}
@Override
public void success(FormContext context) {
// handle successful form submission
log.info("Custom Duplicate Phone DOB Register Form Action success!");
}
@Override
public boolean requiresUser() {
return true;
}
@Override
public boolean configuredFor(KeycloakSession session, RealmModel realm, UserModel user) {
return true;
}
@Override
public void setRequiredActions(KeycloakSession session, RealmModel realm, UserModel user) {
// add required actions if required
}
@Override
public void close() {
// NOOP
}
}
FormActionFactory:
package com.github.thomasdarimont.keycloak.registration;
import com.google.auto.service.AutoService;
import org.keycloak.Config;
import org.keycloak.authentication.FormAction;
import org.keycloak.authentication.FormActionFactory;
import org.keycloak.models.AuthenticationExecutionModel;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.KeycloakSessionFactory;
import org.keycloak.provider.ProviderConfigProperty;
import java.util.List;
@AutoService(FormActionFactory.class)
public class DuplicatePhoneDobRegisterFormActionFactory implements FormActionFactory {
private static final DuplicatePhoneDobRegisterFormAction INSTANCE = new DuplicatePhoneDobRegisterFormAction();
private static final String PROVIDER_ID = "duplicate-phone-dob-registration-example-form-action";
private static final AuthenticationExecutionModel.Requirement[] REQUIREMENT_CHOICES = {
AuthenticationExecutionModel.Requirement.REQUIRED,
AuthenticationExecutionModel.Requirement.DISABLED
};
@Override
public String getId() {
return PROVIDER_ID;
}
@Override
public FormAction create(KeycloakSession session) {
return INSTANCE;
}
@Override
public String getHelpText() {
return "Registration step to check for duplicate users by phone number and date of birth.";
}
@Override
public String getDisplayType() {
return "Duplicate Phone DOB Check";
}
@Override
public String getReferenceCategory() {
return null; // null ok
}
@Override
public boolean isConfigurable() {
return false;
}
@Override
public AuthenticationExecutionModel.Requirement[] getRequirementChoices() {
return REQUIREMENT_CHOICES;
}
@Override
public boolean isUserSetupAllowed() {
return false;
}
@Override
public List<ProviderConfigProperty> getConfigProperties() {
return null; // null ok
}
@Override
public void init(Config.Scope config) {
// NOOP
}
@Override
public void postInit(KeycloakSessionFactory factory) {
// NOOP
}
@Override
public void close() {
// NOOP
}
}
With files META-INF/services/org.keycloak.authentication.FormActionFactory:
com.github.thomasdarimont.keycloak.registration.DuplicatePhoneDobRegisterFormActionFactory