IDENTITY_PROVIDER_FIRST_LOGIN event is never triggered / saved


I would like to capture the IDENTITY_PROVIDER_FIRST_LOGIN event when it happens. For this purpose, I created a custom EventListenerProvider (and registered the factory as well). For now, the event provider does nothing but print the events triggered:

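import org.keycloak.events.Event;
import org.keycloak.events.EventListenerProvider;
import org.keycloak.events.admin.AdminEvent;

public class CustomEventListenerProvider implements EventListenerProvider {
  public CustomEventListenerProvider() {}

  public void onEvent(Event event) {
    // Print the type of every user event that reaches the listener
    System.out.println("Event: " + event.getType());
  }

  public void onEvent(AdminEvent adminEvent, boolean b) {}

  public void close() {}
}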

For demo purposes, I configured Google as the IdP and tried logging in. It seems like only the REGISTER, LOGIN, and CODE_TO_TOKEN events are captured by the listener. According to the Keycloak codebase, the IDENTITY_PROVIDER_FIRST_LOGIN event is triggered here:

Even if this piece of code is called (I checked by attaching the debugger), the event is still not sent to the listener. I also tried storing events; same thing. Only the REGISTER, LOGIN, and CODE_TO_TOKEN events are stored in the database. Does anybody have an idea what is going on? Is this a Keycloak bug?
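
The listener-plus-factory setup described in the post above, as an added example that is not part of the original thread: it tallies every event type that reaches the listener, so it is easy to confirm whether IDENTITY_PROVIDER_FIRST_LOGIN ever arrives. The package name, class name and provider id are hypothetical, and the Keycloak server SPI jars are assumed to be on the classpath.

```java
package com.example.events; // hypothetical package name

import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.atomic.AtomicLong;

import org.keycloak.Config;
import org.keycloak.events.Event;
import org.keycloak.events.EventListenerProvider;
import org.keycloak.events.EventListenerProviderFactory;
import org.keycloak.events.EventType;
import org.keycloak.events.admin.AdminEvent;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.KeycloakSessionFactory;

// Register by listing this class name in
// META-INF/services/org.keycloak.events.EventListenerProviderFactory,
// then add "event-type-tally" to the realm's event listeners.
public class EventTypeTallyFactory implements EventListenerProviderFactory {
  // Shared across sessions: a provider is created per session, the factory once.
  private static final Map<EventType, AtomicLong> SEEN = new ConcurrentHashMap<>();

  @Override public String getId() { return "event-type-tally"; } // hypothetical id
  @Override public void init(Config.Scope config) {}
  @Override public void postInit(KeycloakSessionFactory factory) {}
  @Override public void close() {}

  @Override
  public EventListenerProvider create(KeycloakSession session) {
    return new EventListenerProvider() {
      @Override
      public void onEvent(Event event) {
        long n = SEEN.computeIfAbsent(event.getType(), t -> new AtomicLong()).incrementAndGet();
        // Log type, realm, user and details so a brokered login is easy to tell apart.
        System.out.printf("event=%s count=%d realm=%s user=%s details=%s%n",
            event.getType(), n, event.getRealmId(), event.getUserId(), event.getDetails());
        if (event.getType() == EventType.IDENTITY_PROVIDER_FIRST_LOGIN) {
          System.out.println("IDENTITY_PROVIDER_FIRST_LOGIN reached the listener");
        }
      }

      @Override public void onEvent(AdminEvent adminEvent, boolean includeRepresentation) {}
      @Override public void close() {}
    };
  }
}
```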


Might be a bug. I just noticed that I don’t see any IDENTITY_PROVIDER_FIRST_LOGIN in my events, even though there should be several of them.

Couple of questions:

  1. Do you have a custom auth flow for “First Broker Login” that might be causing this not to be called?
  2. Do you have Login Events turned on for storage? Do you see IDENTITY_PROVIDER_FIRST_LOGIN in the Admin UI?

I’ll keep looking to see if I can reproduce…

Thanks. I am using a slightly modified copy of the “First Broker Login”. After reading your message, I switched the flow to the original “First Broker Login”, but still the event is not captured.

And yes, storage is turned on.

Maybe the event is overridden by the LOGIN event. I am gonna try to get some confirmation in the Keycloak developer group.