KEYCLOAK Transient Users

October 30, 2024

Tags: #keycloak #oidc #authentication #transient #video

When working in Keycloak with external Identity Providers (social or otherwise), Keycloak by default stores each authenticated user locally in its database. This can become a problem for data minimization and data privacy control in the context of GDPR or similar data protection laws. Automatically removing stale users from Keycloak is not possible out of the box and can become cumbersome.

With the (currently still experimental) feature TRANSIENT_USERS, authenticated users can be held in memory only, for the lifetime of their session. Once a user session is terminated (through either logout or timeout), all user data is gone; nothing is stored in Keycloak.

Watch this video to see how it works and what to configure to be able to use it properly!

Don’t forget to subscribe to my YouTube channel!

Example source code (even if not used in this video) is available in my GitHub repository:
dasniko/keycloak-extensions-demo - GitHub

Are you looking for Keycloak consulting, support, workshops or training?

Get in touch with me!
