eShopOnAbp
Keycloak and User Synchronization
In Keycloak, the user ID should be the same as the ID in the identity users table. The "sub" claim in the token should exist in users.
Currently, when creating users in EShopIdentityUserAppService, the ID will not be the same:
https://github.com/abpframework/eShopOnAbp/blob/327fbcc341fd7b5bb7dfa223593d3df2a7721c89/services/identity/src/EShopOnAbp.IdentityService.Application/Identity/EShopIdentityUserAppService.cs#L38
```csharp
var createdUser = await base.CreateAsync(input);
await _backgroundJobManager.EnqueueAsync(new IdentityUserCreationArgs(input));
```
Each one will create a different ID.
When CreateUserLoggedInEto is executed: https://github.com/abpframework/eShopOnAbp/blob/327fbcc341fd7b5bb7dfa223593d3df2a7721c89/apps/public-web/src/EShopOnAbp.PublicWeb/EShopOnAbpPublicWebModule.cs#L199 and the event is published:
https://github.com/abpframework/eShopOnAbp/blob/327fbcc341fd7b5bb7dfa223593d3df2a7721c89/services/identity/src/EShopOnAbp.IdentityService.Application/UserLoggedInEventHandler.cs#L34
For the admin user, this process is fine as it will delete and re-create the admin user to match the ID.
However, for other users, it will attempt to re-create them with the same username but without roles. This can lead to validation issues when creating a new user with the same name.
We are trying to integrate an ABP project with Keycloak. The issue is with the first created user, "admin." We need to sync it with Keycloak in Data Seeder.
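A consistency check for the mismatch described in this issue, added here as an example and not taken from eShopOnAbp or ABP: it compares each Keycloak `sub` with the local users table and flags a username that already exists under a different ID. The `LocalUser` and `KeycloakUser` records, the `SyncState` enum, the case-insensitive username comparison and the sample data are assumptions made for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;

// Hypothetical shapes for this example; not eShopOnAbp or ABP types.
public record LocalUser(Guid Id, string UserName);
public record KeycloakUser(string Sub, string UserName);

public enum SyncState { InSync, IdMismatch, MissingLocally, InvalidSub }

public static class UserSyncCheck
{
    // Compares a Keycloak user's "sub" with the local identity users table.
    public static SyncState Classify(KeycloakUser kc, IReadOnlyCollection<LocalUser> locals)
    {
        if (!Guid.TryParse(kc.Sub, out var sub))
            return SyncState.InvalidSub;   // sub cannot be used as a local user ID
        if (locals.Any(u => u.Id == sub))
            return SyncState.InSync;       // token subject resolves to a local user
        // Same username under a different ID: creating a user for this sub would
        // collide on the username (assumed case-insensitive for this example).
        bool nameTaken = locals.Any(u =>
            string.Equals(u.UserName, kc.UserName, StringComparison.OrdinalIgnoreCase));
        return nameTaken ? SyncState.IdMismatch : SyncState.MissingLocally;
    }

    public static void Main()
    {
        // Constructed sample data.
        var aliceId = Guid.NewGuid();
        var locals = new List<LocalUser>
        {
            new(aliceId, "alice"),        // same ID in both stores
            new(Guid.NewGuid(), "bob"),   // created locally with its own ID
        };
        var keycloak = new List<KeycloakUser>
        {
            new(aliceId.ToString(), "alice"),
            new(Guid.NewGuid().ToString(), "bob"),    // same name, different ID
            new(Guid.NewGuid().ToString(), "carol"),  // unknown locally
            new("not-a-guid", "dave"),                // sub is not a GUID
        };
        foreach (var kc in keycloak)
            Console.WriteLine($"{kc.UserName}: {Classify(kc, locals)}");
    }
}
```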