How to lock/disable inactive account after period of time?

Hi,

Just a couple of ideas; I have tested only parts of these examples.

When a user logs in, a user session is created which has a field started. You can create an extension which makes use of the TimerProvider to create a scheduled task to check all users.

Another way is to add a user attribute like last_login and update it each time the user has successfully logged in. You do this in an event listener, and you can then again use a TimerProvider to check these things.
An example of an event listener can be found at https://github.com/zonaut/keycloak-extensions, which also includes an example of how you could add an attribute in the PlaceholderEventListenerProvider class.

You also could approach it another way if you have your own backend and have the Keycloak users linked to a user in your own backend.
You could send an event to your backend when a user has logged in and do a scheduled task check in your own backend.
If you use Keycloak to let users access your app, you could update a field in your own backend db and set a last_login field there and again do a scheduled task check. You can use the Keycloak REST API to disable the user if needed.

It all depends on you and where you want to make changes. I like Keycloak for what it is and try not to customize too much of it when I can, so maintenance and upgrades are kept to a minimum.
Writing a scheduled task in my own backend takes 5 minutes, and as a user always passes my backend API I always know when a user has last logged in, so I can do a quick, easy and fast SQL check in my own db.

Don’t forget to have fun 😛

2 Likes
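The scheduled check described in the answer above, as an added example that is not part of the original post or of the linked repository. It assumes the `last_login` attribute holds an ISO 8601 timestamp, a 90-day idle limit, an exempt account name and a `keycloak.example` base URL, all hypothetical; the input is the user list as returned by the Keycloak Admin REST API.

```python
import json
import urllib.request
from datetime import datetime, timedelta, timezone

MAX_IDLE = timedelta(days=90)      # assumed policy threshold
EXEMPT = {"breakglass-admin"}      # hypothetical accounts that are never auto-disabled

def last_activity(user):
    """Last login from the custom attribute, else the account creation time."""
    values = (user.get("attributes") or {}).get("last_login") or []
    if values:
        ts = datetime.fromisoformat(values[0])
        return ts if ts.tzinfo else ts.replace(tzinfo=timezone.utc)
    # Never logged in: Keycloak's createdTimestamp is epoch milliseconds.
    return datetime.fromtimestamp(user.get("createdTimestamp", 0) / 1000, timezone.utc)

def find_inactive(users, now, max_idle=MAX_IDLE):
    """Return enabled, non-exempt users idle for longer than max_idle."""
    stale = []
    for user in users:
        name = user.get("username", "")
        if not user.get("enabled", True):
            continue               # already disabled
        if name in EXEMPT or name.startswith("service-account-"):
            continue               # do not lock out machine or emergency accounts
        if now - last_activity(user) > max_idle:
            stale.append(user)
    return stale

def build_disable_request(base_url, realm, user, token):
    """PUT the representation back with enabled=false; other fields are unchanged."""
    body = json.dumps(dict(user, enabled=False)).encode()
    return urllib.request.Request(
        f"{base_url}/admin/realms/{realm}/users/{user['id']}", data=body, method="PUT",
        headers={"Authorization": f"Bearer {token}", "Content-Type": "application/json"})

# Constructed sample data in the shape of Keycloak user representations.
SAMPLE_USERS = [
    {"id": "u1", "username": "alice", "enabled": True,
     "attributes": {"last_login": ["2024-01-10T08:00:00+00:00"]}},
    {"id": "u2", "username": "bob", "enabled": True,
     "attributes": {"last_login": ["2024-05-20T08:00:00+00:00"]}},
    {"id": "u3", "username": "carol", "enabled": True, "createdTimestamp": 1672531200000},
    {"id": "u4", "username": "service-account-batch", "enabled": True, "createdTimestamp": 0},
]

if __name__ == "__main__":
    for u in find_inactive(SAMPLE_USERS, datetime(2024, 6, 1, tzinfo=timezone.utc)):
        print(build_disable_request("https://keycloak.example", "demo", u, "TOKEN").full_url)
```

Passing the built request to `urllib.request.urlopen` sends it; the token needs an admin role that allows managing users in the realm.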