IDENTITY_PROVIDER_FIRST_LOGIN event is never triggered / saved

Hello,

I would like to capture the IDENTITY_PROVIDER_FIRST_LOGIN event when it happens. For this purpose, I created a custom EventListenerProvider (and registered the factory as well). The event provider for now does nothing but print the events triggered:

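import org.keycloak.events.Event;
import org.keycloak.events.EventListenerProvider;
import org.keycloak.events.admin.AdminEvent;

public class CustomEventListenerProvider implements EventListenerProvider {
  public CustomEventListenerProvider() {}

  // Called for every user event; prints only the event type.
  @Override
  public void onEvent(Event event) {
    System.out.println("********************************************************************");
    System.out.println(event.getType().toString());
  }

  // Admin events are ignored.
  @Override
  public void onEvent(AdminEvent adminEvent, boolean b) {}

  @Override
  public void close() {}
}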

For demo purposes, I configured Google as the IdP and tried logging in. It seems like only the REGISTER, LOGIN, and CODE_TO_TOKEN events are captured by the listener. According to the Keycloak codebase, the IDENTITY_PROVIDER_FIRST_LOGIN event is triggered here: https://github.com/keycloak/keycloak/blob/master/services/src/main/java/org/keycloak/services/resources/LoginActionsService.java#L760

Even if this piece of code is called (I checked by attaching the debugger), the event is still not sent to the Listener. I also tried storing events, same thing. Only the REGISTER, LOGIN, and CODE_TO_TOKEN events are stored in the database. Does anybody have an idea what is going on? Is this a Keycloak bug?

Thanks.
Zakaria

Might be a bug. I just noticed that I don’t see any IDENTITY_PROVIDER_FIRST_LOGIN in my events, even though there should be several of them.

Couple of questions:

  1. Do you have a custom auth flow for “First Broker Login” that might be causing this not to be called?
  2. Do you have Login Events turned on for storage? Do you see IDENTITY_PROVIDER_FIRST_LOGIN in the Admin UI?

I’ll keep looking to see if I can reproduce…

Thanks. I am using a slightly modified copy of the “First Broker Login”. After reading your message, I switched the flow to the original “First Broker Login”, but still the event is not captured.

And yes, storage is turned on.

Maybe the event is overridden by the LOGIN event. I am gonna try to get some confirmation in the Keycloak developer group.

Hello everyone,

I just wanted to let you know that I discovered that this was a bug indeed. A PR was merged yesterday to fix this: trigger IDENTITY_PROVIDER_FIRST_LOGIN (and UPDATE_PROFILE ) event when identity provider flow succeeds by zak905 · Pull Request #15100 · keycloak/keycloak · GitHub

For those interested, the IDENTITY_PROVIDER_FIRST_LOGIN event will be triggered starting from the next Keycloak release, whenever you log in with an IDP.

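A listener that audits only the first brokered login, as an added example (not code from this thread or from the Keycloak project). It assumes a Keycloak release that includes the fix above and a factory registered as in the first post; the class name is hypothetical, and which detail keys are populated on this event is an assumption.

```java
import java.util.Map;
import org.jboss.logging.Logger;
import org.keycloak.events.Details;
import org.keycloak.events.Event;
import org.keycloak.events.EventListenerProvider;
import org.keycloak.events.EventType;
import org.keycloak.events.admin.AdminEvent;

// Hypothetical class name; return it from your own EventListenerProviderFactory.
public class FirstBrokerLoginAuditListener implements EventListenerProvider {
  private static final Logger LOG = Logger.getLogger(FirstBrokerLoginAuditListener.class);

  @Override
  public void onEvent(Event event) {
    // React only to the first login through an external identity provider.
    if (event.getType() != EventType.IDENTITY_PROVIDER_FIRST_LOGIN) {
      return;
    }
    // getDetails() can be null when the event carries no details.
    Map<String, String> details = event.getDetails() == null ? Map.of() : event.getDetails();
    // Assumption: the broker alias and IdP username are present under these keys.
    LOG.infof("first broker login: realm=%s user=%s idp=%s idpUser=%s ip=%s error=%s",
        event.getRealmId(), event.getUserId(),
        sanitize(details.get(Details.IDENTITY_PROVIDER)),
        sanitize(details.get(Details.IDENTITY_PROVIDER_USERNAME)),
        event.getIpAddress(), event.getError());
  }

  // Values supplied by the external IdP are untrusted input: replace CR/LF so
  // they cannot split one audit record into several log lines.
  static String sanitize(String value) {
    return value == null ? "-" : value.replaceAll("[\\r\\n]", "_");
  }

  // Admin events are not relevant to this audit trail.
  @Override
  public void onEvent(AdminEvent adminEvent, boolean includeRepresentation) {}

  @Override
  public void close() {}
}
```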

I’m hoping this will fix my issue: