Set UPDATE_PASSWORD action under custom conditions: authenticator or event?

kikkauz · April 9, 2025, 6:54am

Hello

I have to assign users an update_password action under certain conditions not covered out of the box by Keycloak.
I see two ways of doing so:

create a custom authenticator: more visible and easier to configure, but it complicates an already complicated authentication flow and I would have to add it on multiple flows, login flow and post authentication flows from external IdPs
login event: set up once, but less visible and requires configurations in config file

Any other pros and cons I should consider?

Thanks!

Topic		Replies	Views
Keycloak required user actions Getting advice authentication	4	1926	November 8, 2021
Customized welcome email with update password link Getting advice	0	735	April 11, 2023
Keycloak password update Extending the server	0	319	January 2, 2023
Authenticating user automatically after password update Extending the server authentication	1	636	March 1, 2022
Keycloak UPDATE_PASSWORD updates a user password but repeatedly asks to update password - only for a particular user Getting advice	0	1155	January 4, 2021