I noticed keycloak will let you register with any username yet when you go to update a user profile from the system console, you can get an error about invalid characters in the username: “Error: Missing or invalid field(s) Please verify the fields in red”. Looking at the source code, the only username validation I see is in the validate method in the RegistrationUserCreation class, but all it appears to be checking for is whether or not the username already exists.
Is this intentional or am I missing something? What are considered valid usernames for keycloak? There’s obviously some validation being done from the system admin console. Has anyone written some basic validation to make sure the username conforms to whatever keycloak actually accepts?