Email Notifications when logging in from a new IP address and Login History

Hello everyone!
I have created two Keycloak extensions as part of my bachelor thesis and would like to get feedback on them. It would be very useful for me as a developer and also for the thesis defense I have next week.

The first is used to send notification emails when a user logs in from a new IP address.
The second is used to display information about past logins.
Both can be connected to the GeoLite2 Free Geolocation Data database to obtain the location of the IP address from which the user logs in.

4 Likes

Amazing! Thank you so much for sharing this with the community. I will look and share feedback.

Also, this list is a place where lots of people who use Keycloak go to discover useful extensions. I’d recommend adding your extension here:

1 Like

#1
keycloak-extensions/email-notifications/src/main/java/cz/mendelu/pef/xchyliko/keycloak/extensions/emailNotifications/EmailNotificationsProvider.java at main · eliskachylikova/keycloak-extensions · GitHub This is a fine way to do the email content loading, but Keycloak already has an inbuilt mechanism of email templating that uses the Freemarker template library.
You can see an example of templates keycloak-magic-link/src/main/resources/theme-resources/templates at main · p2-inc/keycloak-magic-link · GitHub and how to use them from your code keycloak-magic-link/src/main/java/io/phasetwo/keycloak/magic/MagicLink.java at main · p2-inc/keycloak-magic-link · GitHub

#2
LocationService is duplicated in 2 places, here keycloak-extensions/login-session-listener/src/main/java/cz/mendelu/pef/xchyliko/keycloak/extensions/loginSessionListener/LocationService.java at main · eliskachylikova/keycloak-extensions · GitHub and here keycloak-extensions/email-notifications/src/main/java/cz/mendelu/pef/xchyliko/keycloak/extensions/emailNotifications/LocationService.java at main · eliskachylikova/keycloak-extensions · GitHub. Better to break this out into a common module that is consumed by both extensions so you only have to maintain it in one place.

#3
The sessionInfo isn’t in an easy to reuse format keycloak-extensions/login-session-listener/src/main/java/cz/mendelu/pef/xchyliko/keycloak/extensions/loginSessionListener/LoginSessionListenerProvider.java at main · eliskachylikova/keycloak-extensions · GitHub. Why not create a proper object and save this as JSON? That way other extensions can deserialize it and use it more easily than parsing a string.

#4
Seems like your login history page for the account console should be a child of the Security section, rather than it’s own standalone section keycloak-extensions/custom-theme/login-history-theme/account/resources/content.json at main · eliskachylikova/keycloak-extensions · GitHub as things like Device Activity are already in that section.

That’s all! Otherwise, a wonderful contribution, and quite a bit more polished than a lot of other extension attempts I’ve seen. Congratulations on your thesis.

1 Like

Thank you so much for your replies and for the review! I really appreciate it!

#1 This is a great point, I’ll check that out.
#2 Yes, I know about this one, the reason is that I wanted the extensions to be able to be used and distributed separately even though right now they are in the same repo.
#3 I am planning to improve it the way that you’re saying,
#4 Great point!

Once again, thank you for your feedback! I also made a PR to the list you linked above.