KEYCLOAK Transient Users
October 30, 2024
Tags: #keycloak #oidc #authentication #transient #video
When working in Keycloak with external Identity Providers (social or otherwise), Keycloak by default stores the authenticated user locally in its database. This can become problematic for data minimization and data privacy control in the context of GDPR or similar data protection laws. Removing stale users automatically from Keycloak is not possible out of the box and can become cumbersome.
With the (currently still experimental) feature TRANSIENT_USERS, it becomes possible to keep the authenticated users only in memory during their session lifetime.
Once these user sessions are terminated (either through logout or timeout), all user data is gone; nothing will be stored in Keycloak.
Watch this video to see how it works and what to configure to be able to use it properly!
Don’t forget to subscribe to my YouTube channel!
Example source code (even if it is not used in this video) is available in my GitHub repository: