Hi, i have integrated keycloak to connect to an external storage using user storage SPI.
However , i have noticed that during login, the getUserByUsername method from the UserLookupProvider interface is called 5 times (which seems not normal ?)
The flow which i run is a oauth 2.0 browser based login after which i successfully get a access & refresh token.
Using Keycloak 15.0.0 docker image with mysql as database for keycloak & postgresql for user storage SPI.
If you look through the Authenticators in the normal “Browser” flow, several of them call that method. So, while it doesn’t seem “normal” or even necessary, that’s how it currently works. The native user storage SPI has an intermediate distributed caching layer (Infinispan), so making multiple calls like this is relatively inexpensive.
Thanks for your response .
Long shot, but is it possible to load the user into the cache during 1st call ?
(Kind of keycloak would treat it like its an internal user maybe)
I’m not familiar enough with the Keycloak internals around the UserLookupProvider, but I suppose you could use the UserCacheSession in front of your own UserLookupProvider in the same way it’s being used in Keycloak to cache requests from JpaUserProvider. Take a look at the code.