search
GitHubStorybookStarter projectKeycloak as a service

Realtime input validation and custom registration fields

circle-exclamation

In reality the regexp used in this gif doesn't work server side, the regexp pattern should be ^[^@]@gmail\.com$ (the RegExp should match the whole string) 😬.

User Profile is a Keycloak feature that enables to define, from the admin consolearrow-up-right, what information you want to collect on your users in the register page and to validate inputs on the frontend, in realtimearrow-up-right!

circle-info

User profile is only available in Keycloak 15 and newer and it's not enabled by default, you have, to start keywloak with the extra parameter: --features=declarative-user-profilearrow-up-right

How you would pass this parameter in practice depend of the Docker image/Helm chart that you are using. Here is an example with docker composearrow-up-right. With older Keycloak distribution you can also use JAVA_OPS environement variable

docker examplearrow-up-right, helm examplearrow-up-right. But the default way, with the official docker image is thisarrow-up-right.

The feature also need to be enabled the feature in the consolearrow-up-right or you won't see the tab.

Keycloakify provides client side validation out of the box but for customizing the registration experience you'll have customize register-user-profile.ftl

Example in the starter project:

https://github.com/keycloakify/keycloakify-starter/blob/main/src/keycloak-theme/login/pages/RegisterUserProfile.tsxgithub.comchevron-right
The RegisterUserProfile page...
https://github.com/keycloakify/keycloakify-starter/blob/main/src/keycloak-theme/login/pages/shared/UserProfileFormFields.tsxgithub.comchevron-right
...but this is where the magic happens

hashtag
Password validation

You can establish guidelines for what constitutes a valid password, such as a minimum length, by utilizing the Keycloak Admin UI under 'Authentication -> Password Policy'. However, as of now, Keycloak does not support front-end validation of passwordsarrow-up-right.

This limitation means that we can't provide immediate feedback to the user on the client side about the validity of their chosen password. Only after the user clicks on 'Register' will they receive an error if the chosen password does not adhere to the server-defined password policy.

Should you insist on implementing client-side password validation, you can pass validators to the useFormValidation functionarrow-up-right, although it's not typically recommended. The reason for this is potential confusion for users if the validator defined in your theme does not align with the server's password policy.

hashtag
Getting your custom user attribute to be included in the JWT

In the public deployment of the starter projectarrow-up-right.

If you register you'll see that you have to select if your are a cat or dog person.

This appear because, on my keycloak server I have configured a custom user profile attribute.

And when the user is connecte, it's choice appear in the JWT

This work because I have created the following mapper in my Keycloak configuration pannel:

Go to clients -> starter (name of your client)arrow-up-right -> Mappers

  • Name: Favourite pet

  • Mapper type: User attribute

  • User attribute: favourite_pet

  • Token claim name: favourite_pet

  • Claim JSON type: string

LogoCloud identity and acces managementcloud-iam.comchevron-right
Feeling overwhelmed? Check out our exclusive sponsor's Cloud IAM consulting services to simplify your experience.
PreviousTerms and conditionsNextLimitations