I have a Keycloak instance that I use as an IAM via OAuth2 for my services. Upon user registration and login, I need to prepare some additional data to be used later by the services. To achieve this, I have implemented a dedicated service with the endpoint protected by the same IAM. This endpoint should be called on each user's login or registration, initiating the data preparation process. My idea was that, upon login or registration, Keycloak should pass the user ID and action (login or registration) to the Service, initiating the required actions in it:
```
User              :  Service           :  Keycloak          :  Keycloak EventListener
------------------+--------------------+-------------------+--------------------------
                  :                    :                   :
[Login/Register]------------[OAuth2]------------->         :
                  :                    :  ------------[Login/Create event]----------->
                  :                    :                   :
                  :                    :  <---[Get token, client credentials flow]----
                  :                    :                   :
                  :                    :  -----------------[Token]------------------->
                  :                    :                   :
                  :  <--------------------[Access resource endpoint]-----------------
                  :                    :                   :
                  :  [Do required tasks]                   :
```
So, currently "Service" has a protected endpoint that only some particular client is allowed to access, using the client credentials flow (via a dedicated role, but that doesn't matter, I suppose). My EventListener (`public class LoginEventListenerProvider implements EventListenerProvider`) obtains the token from the `.../token` Keycloak endpoint via an HTTP request, then uses this token to access the "Service" endpoint, passing the user ID and action there, which initiates the required tasks on the "Service" side.
My question is: could it be simplified? At least, since my EventListener is already running as a part of Keycloak, is it possible to use some API to get the token? Or maybe there is another approach to implementing things like this?
Thank you!
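The flow described in the post, written out as an added example that is not the poster's own listener code. It only relies on the Keycloak SPI interfaces the post names (`EventListenerProvider`, the `LOGIN`/`REGISTER` event types, `Event.getUserId()`); the package name, the token and service URLs (Quarkus-style `/realms/<realm>/...` path), the client id, the `NOTIFIER_CLIENT_SECRET` environment variable and the JSON payload shape are all assumptions for illustration. The `EventListenerProviderFactory` and the `META-INF/services` registration that Keycloak needs to load the provider are omitted. The one thing it adds to the post's design is caching the client-credentials token until shortly before its `expires_in`, so the listener does not hit the token endpoint on every login:

```java
package com.example.keycloak.events; // hypothetical package, not from the post

import java.net.URI;
import java.net.URLEncoder;
import java.net.http.HttpClient;
import java.net.http.HttpRequest;
import java.net.http.HttpResponse;
import java.nio.charset.StandardCharsets;
import java.time.Duration;
import java.time.Instant;
import java.util.Map;
import com.fasterxml.jackson.databind.JsonNode;
import com.fasterxml.jackson.databind.ObjectMapper;
import org.jboss.logging.Logger;
import org.keycloak.events.Event;
import org.keycloak.events.EventListenerProvider;
import org.keycloak.events.EventType;
import org.keycloak.events.admin.AdminEvent;

public class LoginEventListenerProvider implements EventListenerProvider {
    private static final Logger LOG = Logger.getLogger(LoginEventListenerProvider.class);

    // Assumed values; in a deployment they would come from the factory's Config.Scope.
    private static final String TOKEN_URL =
            "https://keycloak.example/realms/myrealm/protocol/openid-connect/token";
    private static final String SERVICE_URL = "https://service.example/internal/user-events";
    private static final String CLIENT_ID = "user-event-notifier"; // dedicated confidential client
    private static final String CLIENT_SECRET = System.getenv("NOTIFIER_CLIENT_SECRET");

    private static final HttpClient HTTP =
            HttpClient.newBuilder().connectTimeout(Duration.ofSeconds(3)).build();
    private static final ObjectMapper JSON = new ObjectMapper();

    // Cached client-credentials token, shared across listener instances.
    private static volatile String cachedToken;
    private static volatile Instant cachedTokenExpiry = Instant.EPOCH;

    @Override
    public void onEvent(Event event) {
        if (event.getType() != EventType.LOGIN && event.getType() != EventType.REGISTER) {
            return; // only the two events the service cares about
        }
        String action = event.getType() == EventType.LOGIN ? "login" : "registration";
        try {
            notifyService(event.getUserId(), action, accessToken());
        } catch (Exception e) {
            // A failed notification must not fail the user's login; record it instead.
            LOG.warnf(e, "user-event notification failed for user %s (%s)", event.getUserId(), action);
        }
    }

    /** Client credentials grant against the realm token endpoint, with expiry-based caching. */
    private static synchronized String accessToken() throws Exception {
        if (cachedToken != null && Instant.now().isBefore(cachedTokenExpiry)) {
            return cachedToken;
        }
        String form = "grant_type=client_credentials"
                + "&client_id=" + URLEncoder.encode(CLIENT_ID, StandardCharsets.UTF_8)
                + "&client_secret=" + URLEncoder.encode(CLIENT_SECRET, StandardCharsets.UTF_8);
        HttpRequest req = HttpRequest.newBuilder(URI.create(TOKEN_URL))
                .timeout(Duration.ofSeconds(5))
                .header("Content-Type", "application/x-www-form-urlencoded")
                .POST(HttpRequest.BodyPublishers.ofString(form))
                .build();
        HttpResponse<String> resp = HTTP.send(req, HttpResponse.BodyHandlers.ofString());
        if (resp.statusCode() != 200) {
            throw new IllegalStateException("token endpoint returned HTTP " + resp.statusCode());
        }
        JsonNode body = JSON.readTree(resp.body());
        long expiresIn = body.path("expires_in").asLong(60);
        cachedToken = body.get("access_token").asText();
        // Refresh a little before the real expiry so an in-flight call never carries a stale token.
        cachedTokenExpiry = Instant.now().plusSeconds(Math.max(expiresIn - 30, 5));
        return cachedToken;
    }

    /** POST the user id and action to the protected service endpoint with the bearer token. */
    private static void notifyService(String userId, String action, String token) throws Exception {
        String payload = JSON.writeValueAsString(Map.of("userId", userId, "action", action));
        HttpRequest req = HttpRequest.newBuilder(URI.create(SERVICE_URL))
                .timeout(Duration.ofSeconds(5))
                .header("Authorization", "Bearer " + token)
                .header("Content-Type", "application/json")
                .POST(HttpRequest.BodyPublishers.ofString(payload))
                .build();
        HttpResponse<Void> resp = HTTP.send(req, HttpResponse.BodyHandlers.discarding());
        if (resp.statusCode() / 100 != 2) {
            throw new IllegalStateException("service returned HTTP " + resp.statusCode());
        }
    }

    @Override
    public void onEvent(AdminEvent adminEvent, boolean includeRepresentation) {
        // Admin events are not relevant to this listener.
    }

    @Override
    public void close() {
    }
}
```

Two points worth keeping in mind with this shape: `onEvent` runs inside the user's login request, so the HTTP timeouts are deliberately short and a failure is logged rather than propagated (handing the two calls to an executor is the next step if the service is slow); and on the "Service" side the endpoint should keep rejecting anything that lacks the dedicated client role, as the post already does, so a token from any other client in the realm cannot trigger the data preparation.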