Marecky

Reputation: 2096

How to make Keycloak validate user consent?

In our NodeJS/React application we use Keycloak for authorization. We need to implement consents upon registration. We adapted all these layouts to our design system https://github.com/keycloak/keycloak/tree/3.4.3.Final/themes/src/main/resources/theme/base/login.
There is a layout for the registration form. We added the checkbox <input type=checkbox name="user.attributes.registration_consent1" /> to the appropriate layout.
If a user registers and checks the checkbox, I can confirm that the related information is stored in Keycloak>Users>SomeUser>Edit>Attributes

But the user can still register without checking the checkbox. How can I prevent user registration if he does not check the consent? I don't want to use JavaScript.

The Terms and Conditions method is unacceptable because of bad user experience and conversion slowdown.

Upvotes: 0

Views: 5929

Answers (2)

pjokar

Reputation: 121

After you've added your form field to your template, you'll need to validate user input. Validation also means checking if a mandatory field was filled out by the user and also overwriting / adding data based on the value of that field.

e.g. User checked "Terms & Conditions" but you need to store the timestamp of when those were accepted and maybe the version of the accepted "Terms & Conditions".

Relying on client side validation (HTML or JavaScript) is not the best solution.

In this particular case you'll need to tell Keycloak how to validate the value of that new field.

This can be done by using Keycloak's Service Provider Interfaces (SPIs). In this case the Authentication SPI is responsible for handling registration form data.

Here is a link to that particular section in the docs: https://www.keycloak.org/docs/latest/server_development/#modifying-extending-the-registration-form

Upvotes: 2
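
A server-side check of the kind this answer points to, written as an added example (not code from the answer or from Keycloak itself). It assumes the checkbox name from the question; the package, provider id and the message key consentRequired are hypothetical, and newer Keycloak releases use jakarta.ws.rs instead of javax.ws.rs.

```java
package com.example.keycloak; // hypothetical package

import java.util.*;
import javax.ws.rs.core.MultivaluedMap; // jakarta.ws.rs.core on newer Keycloak releases
import org.keycloak.Config;
import org.keycloak.authentication.*;
import org.keycloak.events.Errors;
import org.keycloak.forms.login.LoginFormsProvider;
import org.keycloak.models.*;
import org.keycloak.models.AuthenticationExecutionModel.Requirement;
import org.keycloak.models.utils.FormMessage;
import org.keycloak.provider.ProviderConfigProperty;

/** Rejects a registration POST that does not carry the consent checkbox. */
public class ConsentFormAction implements FormAction, FormActionFactory {
    // Field name taken from the question's registration template.
    static final String FIELD = "user.attributes.registration_consent1";

    @Override public void validate(ValidationContext context) {
        MultivaluedMap<String, String> form = context.getHttpRequest().getDecodedFormParameters();
        String value = form.getFirst(FIELD);
        // An unchecked HTML checkbox is absent from the POST body; blank values are rejected too.
        if (value == null || value.trim().isEmpty()) {
            context.error(Errors.INVALID_REGISTRATION);
            // "consentRequired" is a hypothetical key to define in the theme's messages file.
            context.validationError(form, Collections.singletonList(new FormMessage(FIELD, "consentRequired")));
            return;
        }
        context.success();
    }
    // Nothing to add to the page or to the user; the check only gates the submission.
    @Override public void buildPage(FormContext context, LoginFormsProvider form) {}
    @Override public void success(FormContext context) {}
    @Override public boolean requiresUser() { return false; }
    @Override public boolean configuredFor(KeycloakSession s, RealmModel r, UserModel u) { return true; }
    @Override public void setRequiredActions(KeycloakSession s, RealmModel r, UserModel u) {}

    // Factory half: the same stateless instance serves every request.
    @Override public FormAction create(KeycloakSession session) { return this; }
    @Override public void init(Config.Scope config) {}
    @Override public void postInit(KeycloakSessionFactory factory) {}
    @Override public void close() {}
    @Override public String getId() { return "registration-consent-check"; } // hypothetical id
    @Override public String getDisplayType() { return "Registration Consent Validation"; }
    @Override public String getReferenceCategory() { return null; }
    @Override public boolean isConfigurable() { return false; }
    @Override public boolean isUserSetupAllowed() { return false; }
    @Override public String getHelpText() { return "Requires the consent checkbox on registration."; }
    @Override public List<ProviderConfigProperty> getConfigProperties() { return null; }
    @Override public Requirement[] getRequirementChoices() { return new Requirement[] { Requirement.REQUIRED, Requirement.DISABLED }; }
}
```

To activate it, list the class in META-INF/services/org.keycloak.authentication.FormActionFactory, deploy the JAR, and add the execution as REQUIRED to a copy of the registration flow.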

zakaria amine

Reputation: 3682

You need a required action. Under the admin, go to Authentication -> Required Actions tab. You can find there terms and conditions.

You probably need to edit the template of terms and conditions to match your theme and add the text you need the user to read. You usually find it under /login/terms.ftl

Result: user will not be registered if he declines the terms and conditions.

Upvotes: 0
